Skip to main content
CVE-2021-32924 HIGH POC THREAT This Week

Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Ips Community Suite
NVD
CVSS 3.1
8.8
EPSS
19.9%
CVE-2021-24311 HIGH POC This Week

The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload External Media
NVD WPScan
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-3516 HIGH POC PATCH This Week

There's a flaw in libxml2's xmllint in versions before 2.9.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Xmllint Debian Linux +7
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-23017 HIGH POC PATCH THREAT This Week

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nginx Denial Of Service Openresty Fedora Ontap Select Deploy Administration Utility +9
NVD Exploit-DB
CVSS 3.1
7.7
EPSS
53.5%
CVE-2021-31684 HIGH POC PATCH This Week

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Json Smart V1 Json Smart V2 +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-24312 HIGH POC This Week

The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection WP Super Cache
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-22123 HIGH This Week

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiweb
NVD
CVSS 3.1
8.8
EPSS
77.3%
CVE-2021-3495 HIGH PATCH This Week

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kiali Operator Openshift Service Mesh
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-32027 HIGH PATCH This Week

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow PostgreSQL Information Disclosure Jboss Enterprise Application Platform Software Collections +1
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-29092 HIGH This Week

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE File Upload Photo Station
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-32656 HIGH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-33183 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Synology Docker Path Traversal
NVD
CVSS 3.1
7.9
EPSS
0.3%
CVE-2021-29740 HIGH This Week

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29665 HIGH This Week

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption RCE Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-29088 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Synology RCE Path Traversal Diskstation Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23019 HIGH This Week

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nginx Information Disclosure Nginx Controller
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33184 HIGH This Week

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2021-20576 HIGH PATCH This Week

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Application Gateway Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-23018 HIGH This Week

Intra-cluster communication does not use TLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nginx Information Disclosure Nginx Controller
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-3412 HIGH This Week

It was found that all versions of 3Scale developer portal lacked brute force protections. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Scale 3Scale Api Management
NVD
CVSS 3.1
7.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy