Skip to main content
CVE-2021-33543 CRITICAL POC THREAT Emergency

Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
82.1%
CVE-2021-33554 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
57.0%
CVE-2021-33553 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
48.8%
CVE-2021-33552 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
48.8%
CVE-2021-33551 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
48.8%
CVE-2021-33550 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
57.0%
CVE-2021-33549 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware +14
NVD
CVSS 3.1
7.2
EPSS
66.2%
CVE-2021-33548 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
57.0%
CVE-2021-33544 HIGH POC THREAT Act Now

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2241 Firmware +13
NVD
CVSS 3.1
7.2
EPSS
95.5%
CVE-2021-38833 CRITICAL POC Act Now

SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apartment Visitors Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3666 CRITICAL POC PATCH Act Now

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Xml Body Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-24493 CRITICAL POC Act Now

The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Shopp
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-40870 CRITICAL POC KEV THREAT Act Now

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload Controller
NVD
CVSS 3.1
9.8
EPSS
93.0%
CVE-2021-24728 HIGH POC This Week

The Membership & Content Restriction - Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Membership Content Restriction Paid Member Subscriptions
NVD WPScan
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-24727 HIGH POC This Week

The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Stop Bad Bots
NVD WPScan
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-24726 HIGH POC This Week

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Simple Booking Calendar
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-24620 HIGH POC This Week

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Simple E Commerce Shopping Cart
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24491 HIGH POC This Week

The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Fileviewer
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-40866 HIGH POC This Week

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Gc108P Firmware Gc108Pp Firmware Gs108T Firmware +17
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-33362 HIGH POC PATCH This Week

Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-32136 HIGH POC PATCH This Week

Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-41054 HIGH POC PATCH This Week

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Atftp Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-33547 HIGH POC This Week

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware +14
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-33546 HIGH POC This Week

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware +14
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-33545 HIGH POC This Week

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware +14
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-40867 HIGH POC This Week

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process. Rated high severity (CVSS 7.1). Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Gc108P Firmware Gc108Pp Firmware Gs108T Firmware +17
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-24490 MEDIUM POC This Month

The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nginx WordPress Email Artillery
NVD WPScan
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-24510 MEDIUM POC This Month

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Mf Gig Calendar
NVD WPScan
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-24508 MEDIUM POC This Month

The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smash Balloon Social Post Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-33361 MEDIUM POC PATCH This Month

Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-32139 MEDIUM POC PATCH This Month

The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-32138 MEDIUM POC PATCH This Month

The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-33366 MEDIUM POC PATCH This Month

Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-33364 MEDIUM POC PATCH This Month

Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-32135 MEDIUM POC PATCH This Month

The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32132 MEDIUM POC PATCH This Month

The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32137 MEDIUM POC PATCH This Month

Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-32134 MEDIUM POC PATCH This Month

The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-24724 MEDIUM POC This Month

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Timetable And Event Schedule
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-24605 MEDIUM POC This Month

The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated user) does not sanitise or escape user input before outputting it back in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Post View Generator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24523 MEDIUM POC This Month

The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Daily Prayer Time
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29643 MEDIUM POC This Month

PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24623 MEDIUM POC This Month

The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Advanced Ticket System
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24621 MEDIUM POC This Month

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Courses Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24619 MEDIUM POC This Month

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Per Page Add To Head
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24614 MEDIUM POC This Month

The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Book Appointment Online
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24725 MEDIUM POC This Month

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Comment Link Remove And Other Comment Tools
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-24586 MEDIUM POC This Month

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Per Page Add To Head
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-24431 MEDIUM POC This Month

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Language Bar Flags
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-41033 HIGH This Week

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Equinox
NVD
CVSS 3.1
8.1
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy