Skip to main content
CVE-2021-24376 CRITICAL POC Act Now

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP File Upload Autoptimize
NVD WPScan
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-24370 CRITICAL POC THREAT Act Now

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE File Upload Fancy Product Designer
NVD WPScan
CVSS 3.1
9.8
EPSS
47.1%
CVE-2021-24361 CRITICAL POC Act Now

In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Location Manager
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-31769 HIGH POC This Week

MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Myq Server
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-24377 HIGH POC This Week

The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Race Condition Authentication Bypass Autoptimize
NVD WPScan
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-35196 HIGH POC This Week

Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Manuskript
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-29063 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mpmath Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2021-29061 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Vfsjfilechooser2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-29059 HIGH POC PATCH This Week

A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Is Svg
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-21517 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-19511 MEDIUM POC This Month

Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Typesetter
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24373 MEDIUM POC This Month

The WP Hardening - Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Hardening
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24372 MEDIUM POC This Month

The WP Hardening - Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Hardening
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24364 MEDIUM POC This Month

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jannah
NVD WPScan
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-21422 MEDIUM POC PATCH This Month

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js XSS Mongo Express
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-35066 CRITICAL Act Now

An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Automate
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-26461 CRITICAL Act Now

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Apache Nuttx
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2021-0516 CRITICAL PATCH Act Now

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Privilege Escalation Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-24383 MEDIUM POC This Month

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Go Maps
NVD WPScan Exploit-DB
CVSS 3.1
5.4
EPSS
2.3%
CVE-2021-24369 MEDIUM POC This Month

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Getpaid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24367 MEDIUM POC This Month

The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Config File Editor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24366 MEDIUM POC This Month

The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Admin Columns
NVD GitHub WPScan
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-24339 MEDIUM POC This Month

The Pods - Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24338 MEDIUM POC This Month

The Pods - Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24379 MEDIUM POC This Month

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Comments Like Dislike
NVD WPScan
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-24374 MEDIUM POC PATCH This Month

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Jetpack
NVD WPScan
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-29060 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Color String
NVD GitHub
CVSS 3.1
5.3
EPSS
3.1%
CVE-2021-24378 MEDIUM POC This Month

The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-0507 HIGH PATCH This Week

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-28684 MEDIUM POC This Month

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Powerarchiver
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-34388 HIGH This Week

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0531 HIGH This Week

In memory management driver, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0530 HIGH This Week

In memory management driver, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0529 HIGH This Week

In memory management driver, there is a possible memory corruption due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0528 HIGH This Week

In memory management driver, there is a possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0527 HIGH This Week

In memory management driver, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0526 HIGH This Week

In memory management driver, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0525 HIGH This Week

In memory management driver, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0513 HIGH PATCH This Week

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0512 HIGH PATCH This Week

In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0511 HIGH PATCH This Week

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0510 HIGH PATCH This Week

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0505 HIGH PATCH This Week

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0478 HIGH PATCH This Week

In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29337 HIGH PATCH This Week

MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dragon Center
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-0522 HIGH PATCH This Week

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-0517 HIGH PATCH This Week

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-0523 HIGH PATCH This Week

In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2021-0506 HIGH PATCH This Week

In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-0533 HIGH This Week

In memory management driver, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy