Skip to main content
CVE-2021-23412 CRITICAL POC Act Now

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gitlogplus
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-25208 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25206 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Responsive Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25203 CRITICAL POC Act Now

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Victor Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25207 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Commerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25808 HIGH POC This Week

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Bludit
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-25201 HIGH POC This Week

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Learning Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-26799 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Omeka
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-3169 CRITICAL Act Now

An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jumpserver
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-24036 CRITICAL PATCH Act Now

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution.07.22.00.80.5, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Folly Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-25791 MEDIUM POC This Month

Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Doctor Appointment System Php Full Source Code
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2021-25790 MEDIUM POC This Month

Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS House Rental And Property Listing Php
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-3159 MEDIUM POC This Month

A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Landray Ekp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-25204 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce Website
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-25809 MEDIUM POC This Month

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ucms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20333 MEDIUM POC This Month

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split.6 versions prior to 3.6.20; MongoDB Server v4.0 versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-32783 HIGH PATCH This Week

Contour is a Kubernetes ingress controller using Envoy proxy. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Contour
NVD GitHub
CVSS 3.1
8.5
EPSS
1.2%
CVE-2021-32686 MEDIUM PATCH This Month

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Race Condition Pjsip Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy