Skip to main content
CVE-2021-35449 HIGH POC Act Now

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation G2 Driver G3 Driver G4 Driver Universal Print Driver
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-33501 CRITICAL POC Act Now

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Overwolf
NVD GitHub
CVSS 3.1
9.6
EPSS
7.9%
CVE-2021-31590 HIGH POC PATCH This Week

PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pwndoc
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-24453 HIGH POC This Week

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Path Traversal Include Me
NVD WPScan
CVSS 3.1
8.8
EPSS
5.0%
CVE-2021-34676 HIGH POC This Week

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nex Forms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-34675 HIGH POC This Week

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nex Forms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-34817 MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Etherpad
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3279 MEDIUM POC This Month

sz.chat version 4 allows injection of web scripts and HTML in the message box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Szchat
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24452 MEDIUM POC This Month

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W3 Total Cache
NVD WPScan
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-24436 MEDIUM POC This Month

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W3 Total Cache
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-20110 CRITICAL Act Now

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Manageengine Assetexplorer
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2021-35965 CRITICAL Act Now

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-35964 CRITICAL Act Now

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-35963 CRITICAL Act Now

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-33027 CRITICAL Act Now

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-33592 CRITICAL Act Now

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Toolbar
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-24447 MEDIUM POC This Month

The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Wp Image Zoom
NVD WPScan
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-36799 HIGH This Week

KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Engineering Tool Software 5
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24482 MEDIUM POC This Month

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Related Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-31216 HIGH PATCH This Week

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Investigate
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-29707 HIGH This Week

IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Hardware Management Console
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34820 HIGH This Week

Web Path Directory Traversal in the Novus HTTP Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Novus Management System
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2021-20109 HIGH This Week

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Manageengine Assetexplorer
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20108 HIGH This Week

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Manageengine Assetexplorer
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-36797 MEDIUM This Month

In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Venus Os
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-34618 MEDIUM This Month

A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aruba Aruba Instant
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-32760 MEDIUM PATCH This Month

containerd is a container runtime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Containerd Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-3135 MEDIUM This Month

An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Newspaper
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34617 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Aruba Instant
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-34821 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Novus Management System
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35043 MEDIUM PATCH This Month

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy Retail Back Office Retail Central Office Retail Returns Management +7
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-35966 MEDIUM This Month

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Orca Hcm
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32014 MEDIUM PATCH This Month

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sheetjs Sheetjs Pro Rest Data Services
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32013 MEDIUM PATCH This Month

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sheetjs Sheetjs Pro Rest Data Services
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32012 MEDIUM PATCH This Month

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sheetjs Sheetjs Pro Rest Data Services
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-20507 MEDIUM This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35967 MEDIUM This Month

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Orca Hcm
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29780 MEDIUM This Month

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2021-35968 MEDIUM This Month

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Orca Hcm
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy