Skip to main content
CVE-2021-40670 CRITICAL POC Act Now

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-40669 CRITICAL POC Act Now

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-41314 HIGH POC THREAT This Week

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Code Injection Gc108P Firmware Gc108Pp Firmware Gs108T Firmware +17
NVD
CVSS 3.1
8.8
EPSS
13.6%
CVE-2021-39275 CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Http Server Fedora +8
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2021-39214 CRITICAL PATCH Act Now

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Mitmproxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27341 CRITICAL PATCH Act Now

OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-39208 MEDIUM POC PATCH This Month

SharpCompress is a fully managed C# library to deal with many compression types and formats. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Sharpcompress
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-29825 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41079 HIGH PATCH This Week

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache OpenSSL Denial Of Service Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2021-39239 HIGH PATCH This Week

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Jena
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-39128 HIGH This Week

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ssti RCE Atlassian Java Jira Data Center +1
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2021-40067 MEDIUM This Month

The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mobility
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-34572 MEDIUM This Month

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ewm
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-34571 MEDIUM This Month

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ewm
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-27340 MEDIUM PATCH This Month

OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-34573 MEDIUM This Month

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ewm
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29842 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-40066 MEDIUM This Month

The access controls on the Mobility read-only API improperly validate user access permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mobility
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-29763 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2021-29752 MEDIUM This Month

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Db2
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2021-34576 MEDIUM This Month

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Picoflux Air Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy