Skip to main content
CVE-2021-33525 HIGH POC This Week

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
7.7%
CVE-2021-30081 HIGH POC This Week

An issue was discovered in emlog 6.0.0stable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Emlog
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-32629 HIGH POC PATCH This Week

Cranelift is an open-source code generator maintained by Bytecode Alliance. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cranelift Codegen
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-24307 HIGH POC THREAT This Week

The All in One SEO - Best WordPress SEO Plugin - Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE All In One Seo
NVD WPScan
CVSS 3.1
8.8
EPSS
53.3%
CVE-2021-33563 HIGH POC PATCH This Week

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Koel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-29256 HIGH KEV THREAT This Week

. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Memory Corruption Information Disclosure Bifrost Gpu Kernel Driver +2
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-33516 HIGH PATCH This Week

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gupnp
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-20389 HIGH PATCH This Week

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20726 HIGH This Week

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Overwolf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20722 HIGH This Week

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Scansnap Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-20713 HIGH This Week

Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Qnd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33502 HIGH PATCH This Week

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data:. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Normalize Url
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-20419 HIGH PATCH This Week

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21000 HIGH This Week

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 750 823 Firmware 750 829 Firmware 750 831 Firmware 750 832 Firmware +23
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20557 HIGH PATCH This Week

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-20385 HIGH PATCH This Week

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.2
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy