Skip to main content
CVE-2021-24314 CRITICAL POC Act Now

The Goto WordPress theme before 2.1 did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Goto
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-21844 HIGH POC This Week

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-21833 HIGH POC This Week

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-21841 HIGH POC This Week

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-21840 HIGH POC This Week

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-21838 HIGH POC This Week

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-21843 HIGH POC This Week

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21842 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21832 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21830 HIGH POC This Week

A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21819 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21816 HIGH POC This Week

A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21831 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21818 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21836 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-21814 HIGH POC This Week

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-32403 HIGH POC This Week

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rf 301K Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-32402 HIGH POC This Week

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rf 301K Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-21827 HIGH POC This Week

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-21813 HIGH POC This Week

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-29024 HIGH POC PATCH This Week

In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Invoiceplane
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-24295 HIGH POC This Week

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Spam Protection Antispam Firewall
NVD WPScan
CVSS 3.1
7.5
EPSS
4.7%
CVE-2020-21839 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-21817 MEDIUM POC This Month

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21815 MEDIUM POC This Month

A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21835 MEDIUM POC This Month

A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21834 MEDIUM POC This Month

A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-24324 MEDIUM POC This Month

The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS All 404 Redirect To Homepage
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-32618 MEDIUM POC PATCH This Month

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Python Flask Security
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-33041 MEDIUM POC This Month

vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft XSS RCE Vmd
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24325 MEDIUM POC This Month

The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Redirection Plugin
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24299 MEDIUM POC This Month

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Redi Restaurant Reservation
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
5.5%
CVE-2021-24288 MEDIUM POC This Month

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Acymailing
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-27342 MEDIUM POC This Month

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 842E Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
4.6%
CVE-2021-27734 CRITICAL Act Now

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hirschmann Hios Hisecos
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-23384 MEDIUM POC PATCH This Month

The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Koa Remove Trailing Slashes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24326 MEDIUM POC This Month

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS All 404 Redirect To Homepage
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24292 MEDIUM POC This Month

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Happy Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29023 MEDIUM POC PATCH This Month

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Invoiceplane
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29053 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Dxp Liferay Portal
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-32454 HIGH This Week

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remote Cap Prx Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24327 MEDIUM POC This Month

The SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Redirection Plugin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24323 MEDIUM POC PATCH This Month

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24315 MEDIUM POC This Month

The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Givewp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24289 HIGH This Week

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Store Locator Plus
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-32622 HIGH PATCH This Week

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Matrix React Sdk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31728 HIGH This Week

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Antimalware
NVD GitHub
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-31727 HIGH This Week

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Antimalware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-3483 HIGH PATCH This Week

A flaw was found in the Nosy driver in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +10
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-29747 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy