Skip to main content
CVE-2021-24442 CRITICAL POC THREAT Act Now

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Poll Survey Questionnaire And Voting System
NVD WPScan
CVSS 3.1
9.8
EPSS
46.9%
CVE-2021-24385 CRITICAL POC Act Now

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filebird
NVD WPScan
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-23390 CRITICAL POC PATCH Act Now

The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total4
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-23389 CRITICAL POC PATCH Act Now

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-35064 CRITICAL POC THREAT Act Now

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Viaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
70.8%
CVE-2021-24441 HIGH POC This Week

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Sign Up Sheets
NVD WPScan
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-22921 HIGH POC PATCH This Week

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Node.js Node Js Sinec Infrastructure Network Services
NVD
CVSS 3.1
7.8
EPSS
7.4%
CVE-2021-33807 HIGH POC THREAT This Week

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gespage
NVD
CVSS 3.1
7.5
EPSS
16.1%
CVE-2021-27293 HIGH POC PATCH This Week

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Restsharp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-32747 MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-24454 MEDIUM POC This Month

In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yop Poll
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-24434 MEDIUM POC This Month

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Glass
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24429 MEDIUM POC This Month

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24409 MEDIUM POC This Month

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Prismatic
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-32726 CRITICAL Act Now

Nextcloud Server is a Nextcloud package that handles data storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26088 CRITICAL Act Now

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Single Sign On
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2021-24439 MEDIUM POC This Month

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Browser Screenshots
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24424 MEDIUM POC This Month

The WP Reset - Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Reset
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24421 MEDIUM POC This Month

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobsearch Wp Job Board
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24420 MEDIUM POC This Month

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Request A Quote
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24408 MEDIUM POC This Month

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Prismatic
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24365 MEDIUM POC This Month

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Admin Columns
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-32746 MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Icinga
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-36381 MEDIUM POC This Month

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Transaction Management
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-22918 MEDIUM POC PATCH THREAT This Month

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Node.js Information Disclosure Node Js Sinec Infrastructure Network Services
NVD
CVSS 3.1
5.3
EPSS
23.1%
CVE-2021-24440 MEDIUM POC This Month

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sign Up Sheets
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24427 MEDIUM POC This Month

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W3 Total Cache
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24426 MEDIUM POC This Month

The Backup by 10Web - Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup Wd
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24419 MEDIUM POC This Month

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Youtube Lyte
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24418 MEDIUM POC This Month

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smooth Scroll Page Up Down Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-32688 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-24015 HIGH This Week

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortimail
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-32679 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-32707 MEDIUM POC PATCH This Month

Nextcloud Mail is a mail app for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-36383 MEDIUM POC This Month

Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xo Server Xo Web
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-26089 HIGH This Week

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-32727 HIGH This Week

Nextcloud Android Client is the Android client for Nextcloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32705 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-29794 HIGH PATCH This Week

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Netcool Impact
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-30639 HIGH PATCH This Week

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Denial Of Service Epolicy Orchestrator Big Data Spatial And Graph
NVD
CVSS 3.1
7.5
EPSS
6.9%
CVE-2021-36377 HIGH This Week

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fossil Fedora
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-26090 HIGH This Week

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimail
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3547 HIGH PATCH This Week

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Openvpn
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2021-29792 HIGH This Week

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Event Streams
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-21591 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21590 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21589 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-32689 MEDIUM PATCH This Month

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30640 MEDIUM PATCH This Month

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Tomcat Apache Authentication Bypass Communications Cloud Native Core Policy Communications Diameter Signaling Router +4
NVD
CVSS 3.1
6.5
EPSS
9.9%
CVE-2021-24013 MEDIUM This Month

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Fortimail
NVD
CVSS 3.1
6.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy