Skip to main content
CVE-2021-3287 CRITICAL POC THREAT Emergency

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
51.3%
CVE-2021-2135 CRITICAL POC PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
8.4%
CVE-2021-30476 CRITICAL POC Act Now

HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hashicorp Terraform Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-2264 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available.

Oracle Authentication Bypass Vm Virtualbox
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2021-0253 HIGH POC This Week

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Juniper Junos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-0252 HIGH POC This Week

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Juniper Junos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-3496 HIGH POC This Week

A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jhead
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-23133 HIGH POC PATCH This Week

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. Rated high severity (CVSS 7.0). Public exploit code available.

Linux Privilege Escalation Race Condition Linux Kernel Fedora +13
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-24238 MEDIUM POC This Month

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Findeo Realteo
NVD WPScan
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-27736 MEDIUM POC PATCH This Month

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Saml V2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-2053 MEDIUM POC PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-24241 MEDIUM POC This Month

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Custom Fields
NVD GitHub WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-24239 MEDIUM POC PATCH This Month

The Pie Register - User Registration Forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Pie Register
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-24237 MEDIUM POC This Month

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Findeo Realteo
NVD WPScan
CVSS 3.1
6.1
EPSS
6.3%
CVE-2021-24235 MEDIUM POC This Month

The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Goto
NVD WPScan
CVSS 3.1
6.1
EPSS
2.9%
CVE-2021-24234 MEDIUM POC This Month

The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ivory Search
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24233 MEDIUM POC This Month

The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cooked
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-29467 MEDIUM POC This Month

Wrongthink is an encrypted peer-to-peer chat program. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wrongthink
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-2317 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
10.0
EPSS
1.9%
CVE-2021-2256 CRITICAL PATCH Act Now

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Storage Cloud Software Appliance
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2021-2248 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2021-2244 CRITICAL PATCH Act Now

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Essbase Analytic Provider Services Hyperion Analytic Provider Services
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2021-2177 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2021-0248 CRITICAL Act Now

This issue is not applicable to NFX NextGen Software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2021-2302 CRITICAL PATCH Act Now

Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Java Platform Security For Java
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-2136 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-27389 CRITICAL Act Now

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opcenter Quality Qms Automotive
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-25669 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Siemens RCE Stack Overflow Scalance X200 4P Irt Firmware +28
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-25668 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware +27
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-24240 CRITICAL Act Now

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload Business Hours Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-0266 CRITICAL Act Now

The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-0254 CRITICAL Act Now

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-0249 CRITICAL Act Now

On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-31572 CRITICAL PATCH Act Now

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Freertos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-31571 CRITICAL PATCH Act Now

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Freertos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-29465 CRITICAL Act Now

Discord-Recon is a bot for the Discord chat service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Discord Recon
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-2221 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.6
EPSS
2.0%
CVE-2021-24232 MEDIUM POC This Month

The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Booking Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-0268 CRITICAL Act Now

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos
NVD
CVSS 3.1
9.3
EPSS
0.9%
CVE-2021-2320 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-2319 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-2318 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-2253 CRITICAL PATCH Act Now

Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Advanced Supply Chain Planning
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-2205 CRITICAL PATCH Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-2200 CRITICAL PATCH Act Now

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-27392 HIGH This Week

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siveillance Video Open Network Bridge
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-0275 HIGH This Week

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-0269 HIGH This Week

The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-25664 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +1
NVD
CVSS 4.0
8.7
EPSS
1.9%
CVE-2021-25663 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capital Vstar Nucleus Net Nucleus Readystart Nucleus Source Code
NVD
CVSS 4.0
8.7
EPSS
1.9%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy