Skip to main content
CVE-2021-39296 CRITICAL POC Act Now

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openbmc
NVD GitHub
CVSS 3.1
10.0
EPSS
3.0%
CVE-2021-32835 CRITICAL POC Act Now

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Keti
NVD GitHub
CVSS 3.1
9.9
EPSS
4.6%
CVE-2021-32834 CRITICAL POC Act Now

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Keti
NVD GitHub
CVSS 3.1
9.9
EPSS
0.9%
CVE-2021-38727 CRITICAL POC Act Now

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fuel Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-38540 CRITICAL POC PATCH THREAT Act Now

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Privilege Escalation Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
80.9%
CVE-2021-38723 HIGH POC This Week

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fuel Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-32833 HIGH POC This Week

Emby Server is a personal media server with apps on many devices. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Information Disclosure Authentication Bypass Emby Releases
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-32836 HIGH POC This Week

ZStack is open source IaaS(infrastructure as a service) software. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Denial Of Service Code Injection Zstack
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2021-38324 HIGH POC This Week

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Sp Rental Manager
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-40222 HIGH POC This Week

Rittal CMC PU III Web management Version affected: V3.11.00_2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cmc Pu Iii 7030 000 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
4.7%
CVE-2021-39459 HIGH POC This Week

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
4.9%
CVE-2021-38721 MEDIUM POC PATCH This Month

FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Fuel Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-39458 MEDIUM POC This Month

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Redaxo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38325 MEDIUM POC This Month

The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP User Activation Email
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38323 MEDIUM POC This Month

The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Rentpress
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38322 MEDIUM POC This Month

The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Twitter Friends Widget
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38321 MEDIUM POC This Month

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Custom Sub Menus
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38320 MEDIUM POC This Month

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Simplesamlphp Authentication
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-38319 MEDIUM POC This Month

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS PHP More From Google
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38318 MEDIUM POC This Month

The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP 3D Cover Carousel
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38317 MEDIUM POC This Month

The Konnichiwa!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Konnichiwa
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38316 MEDIUM POC This Month

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Academic People List
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-32724 CRITICAL PATCH Act Now

check-spelling is a github action which provides CI spell checking. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Check Spelling
NVD GitHub
CVSS 3.1
9.9
EPSS
2.3%
CVE-2021-25449 CRITICAL Act Now

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-28913 CRITICAL Act Now

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eibport Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-28911 CRITICAL Act Now

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eibport Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-28909 CRITICAL Act Now

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eibport Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-28495 CRITICAL Act Now

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-26608 CRITICAL Act Now

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hshell
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-38408 CRITICAL Act Now

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2021-37579 CRITICAL PATCH Act Now

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Dubbo
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-36161 CRITICAL PATCH Act Now

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Dubbo
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-1946 CRITICAL Act Now

Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8017 Firmware Apq8053 Firmware +96
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-1933 CRITICAL Act Now

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +78
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-40223 MEDIUM POC This Month

Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmc Pu Iii 7030 000 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-28494 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-39206 HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-39162 HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2021-34720 HIGH This Week

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2021-34718 HIGH This Week

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-25461 HIGH This Week

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28498 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28497 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Metamako Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28493 HIGH This Week

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26603 HIGH This Week

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Ark Library
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-30295 HIGH This Week

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +121
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1952 HIGH This Week

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware +105
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1934 HIGH This Week

Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +94
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1909 HIGH This Week

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +324
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34728 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy