Skip to main content
CVE-2021-22555 HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware C250 Firmware H410c Firmware +18
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
78.7%
CVE-2021-21789 HIGH POC This Week

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-21788 HIGH POC This Week

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-21787 HIGH POC This Week

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-34622 HIGH POC This Week

A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP Profilepress
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-34620 HIGH POC This Week

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation WordPress XSS Contact Form
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-21775 HIGH POC This Week

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-21786 HIGH POC This Week

A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced Systemcare Ultimate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26273 HIGH POC This Week

The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ninjarmm
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26274 HIGH POC This Week

The Agent in NinjaRMM 5.0.909 has Insecure Permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ninjarmm
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-20378 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-33217 HIGH This Week

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ruckus Iot Controller
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-28931 HIGH PATCH This Week

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fork Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-20780 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wordpress Currency Switcher
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-20779 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wordpress Email Template Designer
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-20739 HIGH This Week

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrc 300Febk Firmware Wrc F300Nf Firmware Wrc 733Febk Firmware Wrh 300Rd Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-33220 HIGH This Week

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-35039 HIGH PATCH This Week

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Jwt Attack Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20474 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20415 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20379 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-31925 HIGH This Week

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32532 HIGH This Week

Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Xevo
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32527 HIGH This Week

Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Storage Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32519 HIGH This Week

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager Xevo
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32518 HIGH This Week

A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32517 HIGH This Week

Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Storage Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32516 HIGH This Week

Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Storage Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32514 HIGH This Week

Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Storage Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-26038 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-26036 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32525 HIGH This Week

The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Storage Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-32524 HIGH This Week

Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Storage Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-32523 HIGH This Week

Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Storage Manager
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-22230 HIGH This Week

Improper code rendering while rendering merge requests could be exploited to submit malicious code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy