Skip to main content
CVE-2021-27112 CRITICAL POC Act Now

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Lightcms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-27850 CRITICAL POC PATCH THREAT Act Now

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Information Disclosure Java Tapestry
NVD
CVSS 3.1
9.8
EPSS
94.1%
CVE-2021-29448 HIGH POC This Week

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ftldns Pi Hole Web Interface
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-28242 HIGH POC This Week

SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2Evolution
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
5.0%
CVE-2021-21405 HIGH POC PATCH This Week

Lotus is an Implementation of the Filecoin protocol written in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Lotus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31402 HIGH POC This Week

The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-29447 MEDIUM POC THREAT This Month

Wordpress is an open source CMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XXE Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
85.7%
CVE-2021-31229 MEDIUM POC This Month

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30209 MEDIUM POC This Month

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27545 MEDIUM POC This Month

SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-3243 MEDIUM POC This Month

Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wfilter Internet Content Filter
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21087 MEDIUM POC PATCH THREAT This Month

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Coldfusion
NVD
CVSS 3.1
5.4
EPSS
37.1%
CVE-2021-27129 MEDIUM POC This Month

CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Casap Automated Enrollment System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27672 MEDIUM POC PATCH This Month

SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-30245 HIGH PATCH This Week

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Openoffice
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2021-27673 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-27544 MEDIUM POC This Month

Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Beauty Parlour Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-28549 HIGH This Week

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
6.5%
CVE-2021-28548 HIGH This Week

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop
NVD
CVSS 3.0
7.8
EPSS
6.4%
CVE-2021-21100 HIGH This Week

Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Digital Editions
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-21095 HIGH This Week

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.0
7.8
EPSS
3.9%
CVE-2021-21094 HIGH This Week

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2021-21093 HIGH This Week

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.0
7.8
EPSS
3.9%
CVE-2021-21092 HIGH This Week

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Bridge
NVD
CVSS 3.0
7.8
EPSS
3.9%
CVE-2021-23887 HIGH This Week

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Data Loss Prevention Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29430 HIGH PATCH This Week

Sydent is a reference Matrix identity server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sydent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-20288 HIGH PATCH This Week

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ceph Ceph Storage Fedora Debian Linux
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-0488 MEDIUM PATCH This Month

In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-29431 MEDIUM PATCH This Month

Sydent is a reference Matrix identity server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sydent
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-28055 MEDIUM PATCH This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Centreon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-26582 MEDIUM This Month

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Red Hat HP Icewall Sso Dgfw
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29432 MEDIUM PATCH This Month

Sydent is a reference matrix identity server. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sydent
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-21096 MEDIUM This Month

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Adobe Authentication Bypass Bridge
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-23886 MEDIUM This Month

Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Data Loss Prevention Endpoint
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30479 MEDIUM This Month

An issue was discovered in Zulip Server before 3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-29450 MEDIUM This Month

Wordpress is an open source CMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
2.3%
CVE-2021-29433 MEDIUM PATCH This Month

Sydent is a reference Matrix identity server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sydent
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-23884 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Content Security Reporter
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-30478 MEDIUM This Month

An issue was discovered in Zulip Server before 3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-30477 MEDIUM This Month

An issue was discovered in Zulip Server before 3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zulip Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-26075 MEDIUM PATCH This Month

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-26076 LOW PATCH Monitor

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2021-21091 LOW Monitor

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.0
3.3
EPSS
2.4%
CVE-2021-30487 LOW Monitor

In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zulip Server
NVD
CVSS 3.1
2.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy