Skip to main content
CVE-2021-34634 HIGH POC This Week

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Sola Newsletters
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-34633 HIGH POC This Week

The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Youtube Feeder
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21893 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-21870 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-21831 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-29972 HIGH POC This Week

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29970 HIGH POC This Week

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-28216 HIGH POC This Week

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edk Ii
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35326 HIGH POC This Week

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-35325 HIGH POC THREAT This Week

A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption A720R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.3%
CVE-2021-26586 HIGH POC This Week

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edgeline Infrastructure Management
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-38095 HIGH POC This Week

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spigit
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-34639 HIGH This Week

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP File Upload Download Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-22517 HIGH This Week

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Data Protector
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-37614 HIGH PATCH This Week

In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Microsoft Moveit Transfer
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-34631 HIGH This Week

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Newsplugin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29977 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 89. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29976 HIGH This Week

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-29973 HIGH This Week

Password autofill was enabled without user interaction on insecure websites on Firefox for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-23849 HIGH This Week

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cpp4 Firmware Cpp6 Firmware Aviotec Firmware Cpp7 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3682 HIGH PATCH This Week

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
8.5
EPSS
2.9%
CVE-2021-37632 HIGH This Week

SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Config Lib
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-22927 HIGH This Week

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Citrix Session Fixation Application Delivery Controller Firmware Gateway +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-32581 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cyber Protect Cloud Cyber Protection Agent True Image
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-22928 HIGH PATCH This Week

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Citrix Virtual Apps And Desktops Xenapp +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32580 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32579 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Microsoft Authentication Bypass True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32578 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32577 HIGH This Week

Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32576 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21863 HIGH PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-3580 HIGH PATCH This Week

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nettle Enterprise Linux Debian Linux Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-37156 HIGH This Week

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22919 HIGH This Week

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware Gateway Netscaler Gateway +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20592 HIGH This Week

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Softgot2000 Got2000 Gt27 Firmware Got2000 Gt25 Firmware Got2000 Gt23 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-1630 HIGH This Week

XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Mule
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-37625 HIGH PATCH This Week

Skytable is an open source NoSQL database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Skytable
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37605 HIGH This Week

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miwi
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-37604 HIGH This Week

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Miwi
NVD
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy