Skip to main content
CVE-2021-24293 MEDIUM POC This Month

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nextgen Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24276 MEDIUM POC THREAT This Month

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
16.0%
CVE-2021-24275 MEDIUM POC THREAT This Month

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
18.2%
CVE-2021-24274 MEDIUM POC THREAT This Month

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Maps
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
17.6%
CVE-2021-31800 CRITICAL PATCH Act Now

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Impacket Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
19.3%
CVE-2021-24267 MEDIUM POC This Month

The “All-in-One Addons for Elementor - WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS All In One Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24263 MEDIUM POC This Month

The “Elementor Addons - PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Powerpack Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24261 MEDIUM POC This Month

The “HT Mega - Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ht Mega
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24260 MEDIUM POC This Month

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-32055 CRITICAL PATCH Act Now

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Mutt Neomutt
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2021-24272 MEDIUM POC This Month

The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Fitness Calculators
NVD WPScan Exploit-DB
CVSS 3.1
4.3
EPSS
1.8%
CVE-2021-31411 HIGH PATCH This Week

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Flow Vaadin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-29100 HIGH This Week

A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Arcgis Earth
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-20401 HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25319 HIGH PATCH This Week

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Factory
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29101 HIGH This Week

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Arcgis Geoevent Server
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-31542 HIGH PATCH This Week

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
5.3%
CVE-2021-31518 HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-31517 HIGH This Week

Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Home Network Security
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20254 MEDIUM This Month

A flaw was found in samba. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Samba Fedora +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2021-29246 MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Btcpay Server
NVD GitHub
CVSS 3.1
6.7
EPSS
1.5%
CVE-2021-20397 MEDIUM This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-25179 MEDIUM This Month

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serv U File Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-24273 MEDIUM This Month

The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Clever Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24271 MEDIUM This Month

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ultimate Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24270 MEDIUM This Month

The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Dethemekit For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24269 MEDIUM This Month

The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Sina Extension For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24268 MEDIUM This Month

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Jetwidgets For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24266 MEDIUM This Month

The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS The Plus Addons For Elementor Page Builder Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24265 MEDIUM This Month

The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Rife Elementor Extensions Templates
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24264 MEDIUM This Month

The “Image Hover Effects - Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Image Hover Effects
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24262 MEDIUM This Month

The “WooLentor - WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woolentor Woocommerce Elementor Addons Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24259 MEDIUM This Month

The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementor Addon Elements
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24258 MEDIUM This Month

The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elements Kit Elementor Addons
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24257 MEDIUM This Month

The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Premium Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24256 MEDIUM This Month

The “Elementor - Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementor Header Footer Blocks Template
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24255 MEDIUM This Month

The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Essential Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29489 MEDIUM PATCH This Month

Highcharts JS is a JavaScript charting library based on SVG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Highcharts Cloud Backup Oncommand Insight Oncommand Workflow Automation +1
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-29250 MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29248 MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29247 MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-29245 MEDIUM This Month

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-25317 LOW Monitor

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cups Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy