Skip to main content
CVE-2021-29300 CRITICAL POC PATCH Act Now

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opened
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-30108 CRITICAL POC Act Now

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Feehi Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-33525 HIGH POC This Week

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
7.7%
CVE-2021-30081 HIGH POC This Week

An issue was discovered in emlog 6.0.0stable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Emlog
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-32629 HIGH POC PATCH This Week

Cranelift is an open-source code generator maintained by Bytecode Alliance. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cranelift Codegen
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-24307 HIGH POC THREAT This Week

The All in One SEO - Best WordPress SEO Plugin - Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE All In One Seo
NVD WPScan
CVSS 3.1
8.8
EPSS
53.3%
CVE-2021-33563 HIGH POC PATCH This Week

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Koel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-3485 MEDIUM POC This Month

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Endpoint Security Tools
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2021-23387 MEDIUM POC PATCH This Month

The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Trailing Slash
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-30083 MEDIUM POC This Month

An issue was discovered in Mediat 1.4.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-30082 MEDIUM POC This Month

An issue was discovered in Gris CMS v0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gris Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-25938 MEDIUM POC PATCH This Month

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Arangodb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24305 MEDIUM POC This Month

The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Watcheezy
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24300 MEDIUM POC THREAT This Month

The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Slider For Woocommerce
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
10.6%
CVE-2021-24298 MEDIUM POC This Month

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Giveaways
NVD WPScan
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-24297 MEDIUM POC This Month

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Goto
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24294 MEDIUM POC This Month

The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Dsgvo All In One For Wp
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-20426 CRITICAL PATCH Act Now

IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-32075 CRITICAL Act Now

Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Terraria
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-24308 MEDIUM POC This Month

The 'State' field of the Edit profile page of the LMS by LifterLMS - Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Lifterlms
NVD GitHub WPScan Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2021-24306 MEDIUM POC This Month

The Ultimate Member - User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Member
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24302 MEDIUM POC This Month

The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hana Flv Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24301 MEDIUM POC This Month

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Hotjar Connecticator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33497 CRITICAL PATCH Act Now

Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Transfer Sh
NVD GitHub
CVSS 3.1
9.1
EPSS
2.0%
CVE-2021-33562 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Shopizer
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.9%
CVE-2021-33561 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Shopizer
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.9%
CVE-2021-29256 HIGH KEV THREAT This Week

. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Memory Corruption Information Disclosure Bifrost Gpu Kernel Driver +2
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-24332 MEDIUM POC This Month

The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24296 MEDIUM POC This Month

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Customer Reviews
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-33516 HIGH PATCH This Week

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gupnp
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-20389 HIGH PATCH This Week

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20726 HIGH This Week

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Overwolf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20722 HIGH This Week

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Scansnap Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-20713 HIGH This Week

Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Qnd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33502 HIGH PATCH This Week

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data:. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Normalize Url
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-20419 HIGH PATCH This Week

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21000 HIGH This Week

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 750 823 Firmware 750 829 Firmware 750 831 Firmware 750 832 Firmware +23
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20557 HIGH PATCH This Week

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-20385 HIGH PATCH This Week

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-3559 MEDIUM PATCH This Month

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libvirt Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21989 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Information Disclosure VMware Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-21988 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Information Disclosure VMware Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-21987 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Information Disclosure VMware Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-21001 MEDIUM This Month

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal 750 823 Firmware 750 829 Firmware 750 831 Firmware 750 832 Firmware +23
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20386 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-33496 MEDIUM PATCH This Month

Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Transfer Sh
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-20725 MEDIUM This Month

Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Calendar01
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20724 MEDIUM This Month

Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Telop01
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20723 MEDIUM This Month

Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailform01
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32624 MEDIUM This Month

Keystone 5 is an open source CMS platform to build Node.js applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Node.js Oracle Information Disclosure Keystone 5
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy