Skip to main content
CVE-2021-24472 CRITICAL POC THREAT Act Now

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Kentharadio Onair2
NVD WPScan
CVSS 3.1
9.8
EPSS
56.6%
CVE-2021-34637 HIGH POC This Week

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Post Index
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-34632 HIGH POC This Week

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Seo Backlinks
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-34628 HIGH POC This Week

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Admin Custom Login
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-37840 HIGH POC This Week

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Mozilla Aapanel
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-24492 HIGH POC This Week

The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Handsome Testimonials Reviews
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-24463 HIGH POC This Week

The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Image Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24462 HIGH POC This Week

The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays - Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Photo Gallery
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24461 HIGH POC This Week

The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Faq Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24460 HIGH POC This Week

The get_fb_likeboxes() function in the Popup Like box - Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Popup Box
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24459 HIGH POC This Week

The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24458 HIGH POC This Week

The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Popup Box
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24457 HIGH POC This Week

The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Portfolio Responsive Gallery
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21866 HIGH POC PATCH This Week

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-21864 HIGH POC PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-27943 HIGH POC This Week

The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure P65 F1 Firmware E50X E1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37848 HIGH POC PATCH This Week

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Barebox
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-37847 HIGH POC PATCH This Week

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Barebox
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3673 HIGH POC This Week

A vulnerability was found in Radare2 in version 5.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Radare2 Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-33198 HIGH POC PATCH This Week

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-33196 HIGH POC PATCH This Week

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Go Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-33195 HIGH POC PATCH This Week

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Go Cloud Insights Telegraf Agent
NVD
CVSS 3.1
7.3
EPSS
3.2%
CVE-2021-24484 HIGH POC This Week

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Secure Copy Content Protection And Content Locking
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24483 HIGH POC This Week

The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Poll Maker
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-24430 HIGH POC This Week

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Code Injection Speed Booster Pack
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-34635 MEDIUM POC This Month

The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Poll Maker
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37216 MEDIUM POC This Month

QSAN Storage Manager header page parameters does not filter special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xn8024R Firmware Xn8008T Firmware
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2021-24504 MEDIUM POC This Month

The WP LMS - Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Wp Learn Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24498 MEDIUM POC This Month

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Calendar Event Multi View
NVD WPScan
CVSS 3.1
6.1
EPSS
3.1%
CVE-2021-24496 MEDIUM POC This Month

The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Community Events
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24488 MEDIUM POC THREAT This Month

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Grid
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
11.2%
CVE-2021-24477 MEDIUM POC This Month

The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Migrate Users
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-37843 CRITICAL Act Now

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Saml Single Sign On
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-32810 CRITICAL PATCH Act Now

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Crossbeam Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-22444 CRITICAL Act Now

There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Code Injection Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22438 CRITICAL Act Now

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22390 CRITICAL Act Now

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Emui +1
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22389 CRITICAL Act Now

There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-22388 CRITICAL Act Now

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22387 CRITICAL Act Now

There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-37167 CRITICAL Act Now

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-37164 CRITICAL Act Now

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-37163 CRITICAL Act Now

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-37162 CRITICAL Act Now

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-37161 CRITICAL Act Now

A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-37160 CRITICAL Act Now

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jwt Attack Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-37165 CRITICAL Act Now

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-33527 CRITICAL Act Now

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mbdialup
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-22552 MEDIUM POC PATCH This Month

An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Asylo
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-24503 MEDIUM POC This Month

The Popular Brand Icons - Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popular Brand Icons Simple Icons
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy