Skip to main content
CVE-2021-22707 CRITICAL POC THREAT Act Now

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
64.6%
CVE-2021-34619 HIGH POC This Week

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Stock Manager For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-22146 HIGH POC THREAT This Week

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
27.8%
CVE-2021-34816 HIGH POC This Week

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Etherpad
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-22145 MEDIUM POC PATCH THREAT This Month

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
76.2%
CVE-2021-23411 MEDIUM POC This Month

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anchorme
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-2447 CRITICAL Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2021-37155 CRITICAL PATCH Act Now

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-2397 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-2394 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
76.6%
CVE-2021-2382 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-22772 CRITICAL Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass T200I Firmware T200E Firmware T200P Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-22730 CRITICAL Act Now

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-22729 CRITICAL Act Now

A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-22727 CRITICAL Act Now

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-2463 CRITICAL Act Now

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Commerce Platform
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-2456 CRITICAL Act Now

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
81.4%
CVE-2021-22784 MEDIUM POC THREAT This Month

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass C Bus Toolkit
NVD
CVSS 3.1
5.7
EPSS
12.1%
CVE-2021-2446 CRITICAL Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2021-37220 MEDIUM POC This Month

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mupdf Fedora
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-2355 CRITICAL PATCH Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2021-32776 HIGH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-32756 HIGH This Week

ManageIQ is an open-source management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Manageiq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-2396 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
35.7%
CVE-2021-2392 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-2391 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
34.7%
CVE-2021-21406 HIGH This Week

Combodo iTop is an open source, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-2349 HIGH PATCH This Week

Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Essbase Administration Services
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2021-23408 MEDIUM POC PATCH This Month

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Graphhopper
NVD GitHub
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-2436 HIGH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Common Applications
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2021-2409 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2021-2359 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2021-2435 HIGH This Week

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Essbase Analytic Provider Services
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-2434 HIGH This Week

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Web Applications Desktop Integrator
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2428 HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-2415 HIGH This Week

Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Time And Labor
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-2406 HIGH This Week

Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Collaborative Planning
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2405 HIGH This Week

Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Engineering
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2398 HIGH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Advanced Outbound Telephony
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2395 HIGH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: iCare, Configuration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-2393 HIGH This Week

Vulnerability in the Oracle E-Records product of Oracle E-Business Suite (component: E-signatures). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Records
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-2365 HIGH PATCH This Week

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Human Resources
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2364 HIGH PATCH This Week

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Isupplier Portal
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-2363 HIGH PATCH This Week

Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Public Sector Financials
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2362 HIGH PATCH This Week

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Field Service
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-2361 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: SDK client integration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Advanced Inbound Telephony
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2360 HIGH PATCH This Week

Vulnerability in the Oracle Approvals Management product of Oracle E-Business Suite (component: AME Page rendering). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Approvals Management
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-22726 HIGH This Week

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-35482 HIGH This Week

An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Mirrorop Windows Sender
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy