Skip to main content
CVE-2021-33256 HIGH POC THREAT This Week

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Code Injection Manageengine Adselfservice Plus
NVD
CVSS 3.1
8.8
EPSS
79.0%
CVE-2021-24520 HIGH POC This Week

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Out Of Stock Message For Woocommerce
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-38290 HIGH POC PATCH This Week

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PHP Information Disclosure Fuel Cms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-24501 HIGH POC This Week

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Workreap
NVD WPScan
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-24500 HIGH POC This Week

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Workreap
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-38311 HIGH POC This Week

In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Contiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-36798 HIGH POC This Week

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cobalt Strike
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-24521 HIGH POC This Week

The Side Menu Lite - add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Side Menu
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-21596 HIGH PATCH This Week

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell RCE Information Disclosure Openmanage Enterprise Openmanage Enterprise Modular
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-37214 HIGH This Week

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flygo
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-38305 HIGH PATCH This Week

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Python File Upload RCE Yamale
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-36277 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell RCE Jwt Attack Alienware Command Center Application Command Update +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-36276 HIGH PATCH This Week

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Denial Of Service Information Disclosure Authentication Bypass Dbutildrv2 Sys Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21585 HIGH PATCH This Week

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Dell Command Injection Openmanage Enterprise
NVD
CVSS 3.1
7.2
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy