Skip to main content
CVE-2021-1498 CRITICAL POC KEV THREAT Emergency

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Command Injection Hyperflex Hx Data Platform
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-1497 CRITICAL POC KEV THREAT Emergency

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Command Injection Hyperflex Hx Data Platform
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-31737 CRITICAL POC Act Now

emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-29203 CRITICAL POC THREAT Act Now

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Edgeline Infrastructure Manager
NVD
CVSS 3.1
9.8
EPSS
68.3%
CVE-2021-28152 CRITICAL POC Act Now

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H8922 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-32030 CRITICAL POC KEV THREAT Act Now

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lyra Mini Firmware Gt Ac2900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
99.4%
CVE-2021-29921 CRITICAL POC PATCH Act Now

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Communications Cloud Native Core Automated Test Suite Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Slice Selection Function +2
NVD GitHub
CVSS 3.1
9.8
EPSS
6.8%
CVE-2021-24236 CRITICAL POC Act Now

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Imagements
NVD WPScan
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-28151 HIGH POC THREAT This Week

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H8922 Firmware
NVD
CVSS 3.1
8.8
EPSS
27.9%
CVE-2021-31616 HIGH POC PATCH This Week

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Keepkey Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26543 HIGH POC PATCH This Week

The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Parse
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-24253 HIGH POC This Week

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Classyfrieds
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-24179 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24178 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-1499 MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Authentication Bypass Hyperflex Hx Data Platform
NVD
CVSS 3.1
5.3
EPSS
80.4%
CVE-2021-28128 HIGH POC This Week

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-32077 HIGH POC This Week

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Msow Solutions
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-24254 HIGH POC This Week

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload College Publisher Import
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-24252 HIGH POC This Week

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Event Banner
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-24248 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-31532 MEDIUM POC This Month

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lpc55S69Jbd100 Firmware Lpc55S66Jbd100 Firmware Lpc55S69Jev98 Firmware Lpcs66Jev98 Firmware +20
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-28149 MEDIUM POC THREAT This Month

Hongdian H8922 3.0.5 devices allow Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal H8922 Firmware
NVD
CVSS 3.1
6.5
EPSS
13.8%
CVE-2021-24249 MEDIUM POC This Month

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-24244 MEDIUM POC This Month

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wpbakery Page Builder Clipboard
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-27216 MEDIUM POC This Month

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Exim
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2021-3507 MEDIUM POC This Month

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qemu Debian Linux Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-24245 MEDIUM POC This Month

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
5.7%
CVE-2021-24214 MEDIUM POC This Month

The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Openid Connect Generic Client
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-31245 MEDIUM POC PATCH This Month

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Openmptcprouter
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2021-30473 CRITICAL PATCH Act Now

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aomedia Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20204 CRITICAL Act Now

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Privilege Escalation Getdata +2
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-29490 MEDIUM POC PATCH THREAT This Month

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Jellyfin
NVD GitHub
CVSS 3.1
5.8
EPSS
69.9%
CVE-2021-21505 CRITICAL Act Now

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 - 2011, contain an undocumented default iDRAC account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass Emc Integrated System For Microsoft Azure Stack Hub Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-1468 CRITICAL Act Now

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-28150 MEDIUM POC This Month

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H8922 Firmware
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2021-24250 MEDIUM POC This Month

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24247 MEDIUM POC This Month

The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Contact Form Check Tester
NVD WPScan Exploit-DB
CVSS 3.1
5.4
EPSS
4.7%
CVE-2021-24246 MEDIUM POC This Month

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Workscout Workscout Core
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24243 MEDIUM POC This Month

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbakery Page Builder Clipboard
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29493 HIGH PATCH This Week

Kennnyshiwa-cogs contains cogs for Red Discordbot. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kennnyshiwa Cogs
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-1508 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-1505 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-1400 HIGH This Week

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Wap125 Firmware Wap131 Firmware Wap150 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-1284 HIGH This Week

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24251 MEDIUM POC This Month

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-1365 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-1363 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-1514 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vmanage +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1496 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1430 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy