Skip to main content
CVE-2021-34619 HIGH POC This Week

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Stock Manager For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-22146 HIGH POC THREAT This Week

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
27.8%
CVE-2021-34816 HIGH POC This Week

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Etherpad
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-32776 HIGH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-32756 HIGH This Week

ManageIQ is an open-source management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Manageiq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-2396 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
35.7%
CVE-2021-2392 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-2391 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
34.7%
CVE-2021-21406 HIGH This Week

Combodo iTop is an open source, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-2349 HIGH PATCH This Week

Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Essbase Administration Services
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2021-2436 HIGH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Common Applications
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2021-2409 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2021-2359 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2021-2435 HIGH This Week

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Essbase Analytic Provider Services
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-2434 HIGH This Week

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Web Applications Desktop Integrator
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2428 HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-2415 HIGH This Week

Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Time And Labor
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-2406 HIGH This Week

Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Collaborative Planning
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2405 HIGH This Week

Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Engineering
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2398 HIGH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Advanced Outbound Telephony
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2395 HIGH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: iCare, Configuration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-2393 HIGH This Week

Vulnerability in the Oracle E-Records product of Oracle E-Business Suite (component: E-signatures). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Records
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-2365 HIGH PATCH This Week

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Human Resources
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2364 HIGH PATCH This Week

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Isupplier Portal
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-2363 HIGH PATCH This Week

Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Public Sector Financials
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2362 HIGH PATCH This Week

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Field Service
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-2361 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: SDK client integration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Advanced Inbound Telephony
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2360 HIGH PATCH This Week

Vulnerability in the Oracle Approvals Management product of Oracle E-Business Suite (component: AME Page rendering). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Approvals Management
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-22726 HIGH This Week

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-35482 HIGH This Week

An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Mirrorop Windows Sender
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25699 HIGH This Week

The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25698 HIGH This Week

The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25695 HIGH This Week

The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pcoip
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22777 HIGH This Week

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Sosafe Configurable
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1099 HIGH PATCH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Information Disclosure Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1098 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1097 HIGH PATCH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Nvidia Information Disclosure Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-2380 HIGH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Authentication Bypass Applications Framework
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2021-2458 HIGH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2021-32761 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Redis RCE Information Disclosure Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
31.0%
CVE-2021-32744 HIGH This Week

Collabora Online is a collaborative online office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Online
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2433 HIGH This Week

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Essbase Analytic Provider Services
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-2431 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2430 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-2423 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-2420 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2419 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2400 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.5
EPSS
83.3%
CVE-2021-2388 HIGH PATCH This Week

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java Openjdk Graalvm +3
NVD
CVSS 3.1
7.5
EPSS
4.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy