Skip to main content
CVE-2021-28151 HIGH POC THREAT This Week

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H8922 Firmware
NVD
CVSS 3.1
8.8
EPSS
27.9%
CVE-2021-31616 HIGH POC PATCH This Week

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Keepkey Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26543 HIGH POC PATCH This Week

The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Parse
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-24253 HIGH POC This Week

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Classyfrieds
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-24179 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24178 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-28128 HIGH POC This Week

In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-32077 HIGH POC This Week

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Msow Solutions
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-24254 HIGH POC This Week

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload College Publisher Import
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-24252 HIGH POC This Week

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Event Banner
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-24248 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-29493 HIGH PATCH This Week

Kennnyshiwa-cogs contains cogs for Red Discordbot. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kennnyshiwa Cogs
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-1508 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-1505 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-1400 HIGH This Week

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Wap125 Firmware Wap131 Firmware Wap150 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-1284 HIGH This Week

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-1365 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-1363 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-1514 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vmanage +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1496 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1430 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1429 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1428 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1427 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1426 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1421 HIGH This Week

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Nfv Infrastructure Software
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-28665 HIGH This Week

Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Network Security Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31918 HIGH This Week

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31793 HIGH This Week

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wdb 20 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22209 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31409 HIGH PATCH This Week

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Vaadin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-1513 HIGH This Week

A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Vsmart Controller Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-1510 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Vedge 100 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1509 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Vedge 100 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1275 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-1506 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-1401 HIGH This Week

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Wap125 Firmware Wap131 Firmware Wap150 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-31828 HIGH PATCH This Week

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Open Distro
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-3501 HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux +17
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-1530 HIGH This Week

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service XXE Broadworks Messaging Server
NVD
CVSS 3.1
7.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy