Skip to main content
CVE-2021-37478 CRITICAL POC PATCH Act Now

In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-37477 CRITICAL POC PATCH Act Now

In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-37476 CRITICAL POC PATCH Act Now

In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-37475 CRITICAL POC PATCH Act Now

In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-37473 CRITICAL POC PATCH Act Now

In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-18171 HIGH POC This Week

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Snagit
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2021-37394 HIGH POC This Week

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rpcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-18169 HIGH POC This Week

A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Snagit
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-37576 HIGH POC PATCH This Week

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-32794 HIGH POC PATCH This Week

ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Archisteamfarm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31292 HIGH POC This Week

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service Exiv2 Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32789 HIGH POC PATCH THREAT This Week

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

WordPress SQLi Woocommerce Blocks
NVD GitHub
CVSS 3.1
7.5
EPSS
17.2%
CVE-2021-26824 HIGH POC This Week

DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dm Fingertool
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-32795 MEDIUM POC PATCH This Month

ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Archisteamfarm
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-37555 CRITICAL Act Now

TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tx9 Automatic Food Dispenser Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-37393 MEDIUM POC This Month

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37392 MEDIUM POC This Month

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36563 MEDIUM POC This Month

The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Checkmk
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-3664 MEDIUM POC PATCH This Month

url-parse is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Url Parse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-25804 HIGH This Week

A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vlc Media Player
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-33629 HIGH This Week

isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Isula Build
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20337 HIGH PATCH This Week

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-33900 HIGH PATCH This Week

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Directory Studio
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-25803 HIGH This Week

A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Vlc Media Player
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-25802 HIGH PATCH This Week

A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Vlc Media Player
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-25801 HIGH This Week

A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2021-32631 MEDIUM PATCH This Month

Common is a package of common modules that can be accessed by NIMBLE services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Common
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29770 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass I2 Analyze
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-22144 MEDIUM PATCH This Month

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-20431 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analysts Notebook
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21440 MEDIUM This Month

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32792 MEDIUM PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-36092 MEDIUM This Month

It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32791 MEDIUM PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2021-37534 MEDIUM PATCH This Month

app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20560 MEDIUM PATCH This Month

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Sterling Connect Direct User Interface
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-21442 MEDIUM This Month

In the project create screen it's possible to inject malicious JS code to the certain fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Time Accounting
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29767 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analysts Notebook
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29766 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20430 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-32790 MEDIUM PATCH This Month

Woocommerce is an open source eCommerce plugin for WordPress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

WordPress SQLi Woocommerce
NVD GitHub
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-35030 MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-29784 MEDIUM PATCH This Month

IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-29769 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-36091 MEDIUM This Month

Agents are able to list appointments in the calendars without required permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21443 MEDIUM This Month

Agents are able to list customer user emails without required permissions in the bulk action screen. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy