Skip to main content
CVE-2021-35464 CRITICAL POC KEV THREAT Emergency

ForgeRock AM (Access Management) before version 7.0 contains a Java deserialization vulnerability in the jato.pageSession parameter enabling unauthenticated remote code execution via a single HTTP request.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2021-36934 HIGH POC KEV PATCH THREAT Act Now

Windows contains an elevation of privilege vulnerability known as 'HiveNightmare' or 'SeriousSAM' where overly permissive ACLs on SAM, SYSTEM, and SECURITY registry hive shadow copies allow standard users to extract credentials.

NVD
CVSS 3.1
7.8
EPSS
90.1%
Threat
9.3
CVE-2021-33032 CRITICAL POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
10.0
EPSS
52.2%
CVE-2021-25213 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25211 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25205 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31580 CRITICAL POC Act Now

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-31579 CRITICAL POC Act Now

Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-26223 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25212 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Alumni Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26226 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25202 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sales And Inventory System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26232 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple College Website
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-26231 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fantastic Blog Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26229 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26228 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26765 CRITICAL POC Act Now

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-26764 HIGH POC This Week

SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26762 HIGH POC This Week

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-30486 HIGH POC This Week

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sysaid
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29657 HIGH POC PATCH This Week

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Linux Amd Authentication Bypass Linux Kernel
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-3540 HIGH POC This Week

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Mobileiron
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-3198 HIGH POC This Week

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ivanti Mobileiron
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-34262 MEDIUM POC This Month

A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stm32Cube Middleware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-34260 MEDIUM POC This Month

A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stm32Cube Middleware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-34259 MEDIUM POC This Month

A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stm32Cube Middleware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-27332 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Casap Automated Enrollment System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-32786 MEDIUM POC PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Apache Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2021-26224 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fantastic Blog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-25197 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Content Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26698 MEDIUM POC This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-26230 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26227 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-30049 MEDIUM POC This Month

SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sysaid
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2021-25209 CRITICAL Act Now

SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Theme Park Ticketing System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-25210 CRITICAL Act Now

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Alumni Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-35522 CRITICAL PATCH Act Now

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Information Disclosure Morphowave Compact Mdpi Firmware +9
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-35942 CRITICAL Act Now

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Glibc Active Iq Unified Manager E Series Santricity Os Controller +4
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2021-1518 HIGH PATCH This Week

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Cisco RCE Code Injection Firepower Device Manager On Box
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-34268 MEDIUM POC This Month

An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stm32Cube Middleware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-34267 MEDIUM POC This Month

An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stm32Cube Middleware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-34261 MEDIUM POC This Month

An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stm32Cube Middleware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-31581 MEDIUM POC This Month

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ova Appliance Provisioning Manager
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2021-1601 HIGH PATCH This Week

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Intersight Virtual Appliance
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2021-1600 HIGH PATCH This Week

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Intersight Virtual Appliance
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2021-1089 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Information Disclosure Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22523 HIGH This Week

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Verastream Host Integrator
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2021-32785 HIGH PATCH This Week

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis Apache Denial Of Service RCE Mod Auth Openidc +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-36222 HIGH PATCH This Week

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
7.5
EPSS
10.3%
CVE-2021-35063 HIGH This Week

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy