Skip to main content
CVE-2021-24441 HIGH POC This Week

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Sign Up Sheets
NVD WPScan
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-22921 HIGH POC PATCH This Week

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Node.js Node Js Sinec Infrastructure Network Services
NVD
CVSS 3.1
7.8
EPSS
7.4%
CVE-2021-33807 HIGH POC THREAT This Week

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gespage
NVD
CVSS 3.1
7.5
EPSS
16.1%
CVE-2021-27293 HIGH POC PATCH This Week

RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Restsharp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-32688 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-24015 HIGH This Week

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortimail
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-32679 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-26089 HIGH This Week

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-32727 HIGH This Week

Nextcloud Android Client is the Android client for Nextcloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32705 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-29794 HIGH PATCH This Week

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Netcool Impact
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-30639 HIGH PATCH This Week

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Denial Of Service Epolicy Orchestrator Big Data Spatial And Graph
NVD
CVSS 3.1
7.5
EPSS
6.9%
CVE-2021-36377 HIGH This Week

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fossil Fedora
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-26090 HIGH This Week

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimail
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3547 HIGH PATCH This Week

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Openvpn
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2021-29792 HIGH This Week

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Event Streams
NVD
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy