Skip to main content
CVE-2021-22910 CRITICAL POC Act Now

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-24507 CRITICAL POC THREAT Act Now

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Astra
NVD WPScan
CVSS 3.1
9.8
EPSS
11.0%
CVE-2021-24499 CRITICAL POC THREAT Act Now

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Workreap
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
60.1%
CVE-2021-32798 CRITICAL POC PATCH Act Now

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE XSS Notebook
NVD GitHub
CVSS 3.1
9.6
EPSS
2.1%
CVE-2021-32797 CRITICAL POC PATCH Act Now

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jupyterlab
NVD GitHub
CVSS 3.1
9.6
EPSS
2.6%
CVE-2021-33256 HIGH POC THREAT This Week

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Code Injection Manageengine Adselfservice Plus
NVD
CVSS 3.1
8.8
EPSS
79.0%
CVE-2021-24520 HIGH POC This Week

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Out Of Stock Message For Woocommerce
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-38290 HIGH POC PATCH This Week

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PHP Information Disclosure Fuel Cms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-24501 HIGH POC This Week

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Workreap
NVD WPScan
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-24500 HIGH POC This Week

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Workreap
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-38311 HIGH POC This Week

In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-36798 HIGH POC This Week

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cobalt Strike
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-24521 HIGH POC This Week

The Side Menu Lite - add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Side Menu
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-24467 MEDIUM POC This Month

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Leaflet Map
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-37573 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Tiny Java Web Server
NVD
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-24522 MEDIUM POC This Month

The User Registration, User Profile, Login & Membership - ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepress
NVD WPScan
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-24495 MEDIUM POC This Month

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Marmoset Viewer
NVD WPScan
CVSS 3.1
6.1
EPSS
2.9%
CVE-2021-24304 MEDIUM POC This Month

The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsmag
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-21564 CRITICAL PATCH Act Now

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Authentication Bypass Openmanage Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-37788 MEDIUM POC This Month

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-24509 MEDIUM POC This Month

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Page View Count
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24505 MEDIUM POC This Month

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-21596 HIGH PATCH This Week

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell RCE Information Disclosure Openmanage Enterprise Openmanage Enterprise Modular
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-37214 HIGH This Week

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flygo
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-24502 MEDIUM POC This Month

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Maps
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-38305 HIGH PATCH This Week

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Python File Upload RCE Yamale
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-36277 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell RCE Jwt Attack Alienware Command Center Application Command Update +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-36276 HIGH PATCH This Week

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Denial Of Service Information Disclosure Authentication Bypass Dbutildrv2 Sys Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21585 HIGH PATCH This Week

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Dell Command Injection Openmanage Enterprise
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-21584 MEDIUM PATCH This Month

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Openmanage Enterprise Openmanage Enterprise Modular
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29714 MEDIUM This Month

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Content Navigator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37634 MEDIUM This Month

Leafkit is a templating language with Swift-inspired syntax. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leafkit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-37633 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34660 MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Wp Fusion
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37615 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-34335 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37622 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37621 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37620 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37619 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37618 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37616 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37623 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-34334 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-32815 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37212 MEDIUM This Month

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flygo
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37211 MEDIUM This Month

The bulletin function of Flygo does not filter special characters while a new announcement is added. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flygo
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20349 MEDIUM This Month

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption Tivoli Workload Scheduler
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-34661 MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Wp Fusion
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2021-25954 MEDIUM PATCH This Month

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Dolibarr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy