Skip to main content
CVE-2021-32682 CRITICAL POC PATCH THREAT Act Now

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE Path Traversal Elfinder
NVD GitHub
CVSS 3.1
9.8
EPSS
69.9%
CVE-2021-24347 HIGH POC THREAT Act Now

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Sp Project Document Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
52.0%
CVE-2021-24356 HIGH POC This Week

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-24354 HIGH POC This Week

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24353 HIGH POC This Week

The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-24352 HIGH POC This Week

The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-24341 HIGH POC PATCH This Week

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi English Islamic Calendar
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-24348 HIGH POC This Week

The menu delete functionality of the Side Menu - add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Side Menu
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-24345 MEDIUM POC This Month

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress SQLi Sendit
NVD WPScan
CVSS 3.1
6.6
EPSS
1.3%
CVE-2021-24360 MEDIUM POC This Month

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Yes No Chart
NVD WPScan
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-24358 MEDIUM POC This Month

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-24351 MEDIUM POC This Month

The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
2.5%
CVE-2021-24350 MEDIUM POC This Month

The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Visitors Online
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-24349 MEDIUM POC This Month

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Gallery From Files
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-0324 CRITICAL Act Now

Product: AndroidVersions: Android SoCAndroid ID: A-175402462. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-34693 MEDIUM POC This Month

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-24382 MEDIUM POC PATCH This Month

The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation WordPress XSS Smart Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24357 MEDIUM POC This Month

In the Best Image Gallery & Responsive Photo Gallery - FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Foogallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24346 MEDIUM POC This Month

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stock In Out
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24359 MEDIUM POC This Month

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Authentication Bypass The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-24355 MEDIUM POC This Month

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20027 HIGH This Week

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-27196 HIGH This Week

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Relion 670 Firmware Relion 650 Firmware Relion Sam600 Io Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-26845 HIGH This Week

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Authentication Bypass Esoms
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-0467 MEDIUM This Month

In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-21557 MEDIUM PATCH This Month

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell RCE Denial Of Service Information Disclosure Poweredge R640 Firmware +30
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21556 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Information Disclosure +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21555 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Information Disclosure Heap Overflow +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21554 MEDIUM PATCH This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow RCE Dell Information Disclosure +11
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21439 MEDIUM This Month

DoS attack can be performed when an email contains specially designed URL in the body. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32684 MEDIUM PATCH This Month

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Adobe Magento Scripts
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-27887 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Abb Ellipse Asset Performance Management
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy