Skip to main content
CVE-2021-32268 HIGH POC PATCH This Week

Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-38300 HIGH POC PATCH This Week

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux RCE Linux Kernel Cloud Backup H410c Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-39229 HIGH POC PATCH This Week

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-39402 HIGH POC This Week

MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Maianaffiliate
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24663 HIGH POC This Week

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Simple Schools Staff Directory
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-24511 HIGH POC This Week

The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Product Feed On Woocommerce
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24403 HIGH POC This Week

The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpagecontact
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24402 HIGH POC This Week

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Icommerce
NVD WPScan
CVSS 3.1
7.2
EPSS
4.5%
CVE-2021-24401 HIGH POC This Week

The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Domain Redirect
NVD WPScan
CVSS 3.1
7.2
EPSS
4.5%
CVE-2021-24400 HIGH POC This Week

The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Display Users
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24399 HIGH POC This Week

The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi The Sorter
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24398 HIGH POC This Week

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Responsive 3D Slider
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24397 HIGH POC This Week

The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Microcopy
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24396 HIGH POC This Week

A pageid GET parameter of the GSEOR - WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gseor
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-41083 HIGH PATCH This Week

Dada Mail is a web-based e-mail list management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Dada Mail
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-25741 HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
6.5%
CVE-2020-21468 HIGH This Week

A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41082 HIGH PATCH This Week

Discourse is a platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32838 HIGH PATCH This Week

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Flask Restx Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-32839 HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Sqlparse
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy