Skip to main content
CVE-2021-22555 HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware C250 Firmware H410c Firmware +18
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
78.7%
CVE-2021-21807 CRITICAL POC Act Now

An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-33221 CRITICAL POC THREAT Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
9.8
EPSS
57.0%
CVE-2021-34624 CRITICAL POC Act Now

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Profilepress
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-34623 CRITICAL POC Act Now

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Profilepress
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-34621 CRITICAL POC THREAT Act Now

A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP Profilepress
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
68.9%
CVE-2021-25952 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Just Safe Set
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-32714 CRITICAL POC PATCH Act Now

hyper is an HTTP library for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Hyper
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-21789 HIGH POC This Week

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-21788 HIGH POC This Week

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-21787 HIGH POC This Week

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-34622 HIGH POC This Week

A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP Profilepress
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-34620 HIGH POC This Week

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation WordPress XSS Contact Form
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-21775 HIGH POC This Week

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-21786 HIGH POC This Week

A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26273 HIGH POC This Week

The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ninjarmm
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26274 HIGH POC This Week

The Agent in NinjaRMM 5.0.909 has Insecure Permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ninjarmm
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-32537 MEDIUM POC This Month

Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hda Driver
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-35451 MEDIUM POC This Month

In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pcoip Management Console
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33219 CRITICAL Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-33218 CRITICAL Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-33216 CRITICAL POC THREAT Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruckus Iot Controller
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.8%
CVE-2021-32538 CRITICAL Act Now

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Artware Cms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-32535 CRITICAL Act Now

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32534 CRITICAL Act Now

QSAN SANOS factory reset function does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32533 CRITICAL Act Now

The QSAN SANOS setting page does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32531 CRITICAL Act Now

OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Xevo
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-32530 CRITICAL Act Now

OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Xevo
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32529 CRITICAL Act Now

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos Xevo
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32522 CRITICAL Act Now

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager Xevo
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32521 CRITICAL Act Now

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos Storage Manager Xevo
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-32520 CRITICAL Act Now

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-32513 CRITICAL Act Now

QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Storage Manager
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-32512 CRITICAL Act Now

QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Storage Manager
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20776 CRITICAL Act Now

Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass At 40Cm01Sr Firmware Sct 40Cm01Sr Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-34625 MEDIUM POC This Month

A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts.2.3 and prior. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Upload Restriction
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32715 MEDIUM POC PATCH This Month

hyper is an HTTP library for rust. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Hyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20378 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-33217 HIGH This Week

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ruckus Iot Controller
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-28931 HIGH PATCH This Week

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fork Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-20780 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wordpress Currency Switcher
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-20779 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wordpress Email Template Designer
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-20739 HIGH This Week

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrc 300Febk Firmware Wrc F300Nf Firmware Wrc 733Febk Firmware Wrh 300Rd Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-22233 MEDIUM POC This Month

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34626 MEDIUM POC This Month

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators.2.3 and prior. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Upload Restriction
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-33220 HIGH This Week

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-35039 HIGH PATCH This Week

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Jwt Attack Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20474 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20415 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20379 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy