Skip to main content
CVE-2021-36624 CRITICAL POC Act Now

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Phone Shop Sales Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-35458 CRITICAL POC Act Now

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Pet Shop We App
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-34166 CRITICAL POC Act Now

A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Food Website
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-34165 CRITICAL POC Act Now

A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Basic Shopping Cart
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-25200 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37593 CRITICAL POC Act Now

PEEL Shopping version 9.4.0 allows remote SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Peel Shopping
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
5.2%
CVE-2021-37144 CRITICAL POC Act Now

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Csz Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-35472 HIGH POC PATCH This Week

An issue was discovered in LemonLDAP::NG before 2.0.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lemonldap Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-36621 HIGH POC This Week

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Online Covid Vaccination Scheduler System
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
2.1%
CVE-2021-35193 HIGH POC This Week

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eaglesoft
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37601 HIGH POC This Week

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prosody
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-36754 HIGH POC THREAT This Week

PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Authoritative Server
NVD
CVSS 3.1
7.5
EPSS
64.9%
CVE-2021-32558 HIGH POC PATCH This Week

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2021-28966 HIGH POC PATCH THREAT This Week

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Ruby
NVD
CVSS 3.1
7.5
EPSS
57.1%
CVE-2021-20114 HIGH POC This Week

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-36766 HIGH POC This Week

Concrete5 through 8.5.5 deserializes Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
3.7%
CVE-2021-31878 MEDIUM POC PATCH This Month

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Asterisk
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-34630 MEDIUM POC This Month

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gtranslate
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-37595 CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37594 CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-30124 CRITICAL PATCH Act Now

The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Vscode Phpmd
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-29781 CRITICAL PATCH Act Now

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization IBM RCE Partner Engagement Manager
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-37600 MEDIUM POC PATCH This Month

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Util Linux Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-36605 MEDIUM POC This Month

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Engineercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-35479 MEDIUM POC THREAT This Month

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD
CVSS 3.1
5.4
EPSS
13.2%
CVE-2021-35478 MEDIUM POC THREAT This Month

Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD
CVSS 3.1
5.4
EPSS
76.6%
CVE-2021-20112 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20111 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-30483 MEDIUM POC PATCH This Month

isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Isomorphic Git
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-20113 MEDIUM POC This Month

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-36004 HIGH PATCH This Week

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Indesign
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-34802 HIGH PATCH This Week

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Graph Databse
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-20783 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Optical Bb Unit E Wmta Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29736 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-3636 MEDIUM POC This Month

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-36983 HIGH This Week

replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Replaysorcery
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-27491 HIGH This Week

Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mylife Mylife Cloud
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-36386 HIGH PATCH This Week

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fetchmail Fedora
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32807 HIGH PATCH This Week

The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Python RCE Accesscontrol
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-27495 HIGH This Week

Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mylife Mylife Cloud
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2021-32610 HIGH PATCH This Week

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Archive Tar Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
73.4%
CVE-2021-31799 HIGH PATCH This Week

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. Rated high severity (CVSS 7.0). This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Debian Linux Rdoc Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
7.0
EPSS
1.5%
CVE-2021-22521 MEDIUM This Month

A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zenworks Configuration Management Zenworks Endpoint Security Management
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-37587 MEDIUM PATCH This Month

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Charm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28094 MEDIUM This Month

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Documents
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-28093 MEDIUM This Month

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Documents
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-37746 MEDIUM PATCH This Month

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Claws Mail Sylpheed Fedora
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-37596 MEDIUM PATCH This Month

Telegram Web K Alpha 0.6.1 allows XSS via a document name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Web K Alpha
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20789 MEDIUM This Month

Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37588 MEDIUM This Month

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy