Skip to main content
CVE-2021-39144 HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
98.1%
CVE-2021-24602 HIGH POC This Week

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Hm Multiple Roles
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24565 HIGH POC PATCH This Week

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress XSS Contact Form 7 Captcha
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24555 HIGH POC This Week

The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi Diary Availability Calendar
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-24506 HIGH POC This Week

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Slider Hero
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-39291 HIGH POC This Week

Certain NetModule devices allow credentials via GET parameters to CLI-PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netmodule Router Software
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-39244 HIGH POC This Week

Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nexto Nx3003 Firmware Nexto Nx3004 Firmware Nexto Nx3005 Firmware Nexto Nx3010 Firmware +11
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2021-39152 HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
11.5%
CVE-2021-39150 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
3.4%
CVE-2021-39154 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39153 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java Xstream Fedora +11
NVD GitHub
CVSS 3.1
8.5
EPSS
4.5%
CVE-2021-39151 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39149 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39148 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39147 HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39146 HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
14.3%
CVE-2021-39141 HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
16.1%
CVE-2021-24562 HIGH POC This Week

The LMS by LifterLMS - Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Lifterlms
NVD WPScan
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-39289 HIGH POC This Week

Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netmodule Router Software
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-39245 HIGH POC This Week

Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nexto Nx3003 Firmware Nexto Nx3004 Firmware Nexto Nx3005 Firmware Nexto Nx3010 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-39608 HIGH POC THREAT This Week

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Flatcore Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
45.9%
CVE-2021-24557 HIGH POC This Week

The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi M Vslider
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24554 HIGH POC This Week

The Paytm - Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Paytm Pay
NVD WPScan
CVSS 3.1
7.2
EPSS
5.7%
CVE-2021-24553 HIGH POC This Week

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Timeline Calendar
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-24552 HIGH POC This Week

The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Simple Events Calendar
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-24550 HIGH POC This Week

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Broken Link Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-24497 HIGH POC This Week

The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Giveaway
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-39158 HIGH This Week

NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Nvcaffe
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-39139 HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-39145 HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.1%
CVE-2021-36013 HIGH This Week

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-28596 HIGH This Week

Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-22449 HIGH This Week

There is a logic vulnerability in Elf-G10HN 1.0.0.608. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elf G10Hn
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-22357 HIGH This Week

There is a denial of service vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service S12700 Firmware S5700 Firmware S6700 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22328 HIGH This Week

There is a denial of service vulnerability in some huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29802 HIGH This Week

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-29704 HIGH This Week

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-39371 HIGH PATCH This Week

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Owslib Pywps Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-35940 HIGH PATCH This Week

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Portable Runtime Http Server
NVD
CVSS 3.1
7.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy