Skip to main content
CVE-2021-36879 CRITICAL POC Act Now

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Ulisting
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-24666 CRITICAL POC PATCH Act Now

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Podlove Podcast Publisher
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
9.4%
CVE-2021-20034 CRITICAL POC THREAT Act Now

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
80.7%
CVE-2021-3819 HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-41097 HIGH POC PATCH This Week

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Aurelia Path
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2021-3828 HIGH POC PATCH This Week

nltk is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nltk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-3822 HIGH POC PATCH This Week

jsoneditor is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jsoneditor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3820 HIGH POC PATCH This Week

inflect is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Inflect
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-40981 HIGH POC This Week

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Armoury Crate Lite Service
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-36134 MEDIUM POC This Month

Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Vision Pro
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41329 MEDIUM POC This Month

Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seq
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-31604 MEDIUM POC This Month

furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Openvpn Monitor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-23445 MEDIUM POC PATCH This Month

This affects the package datatables.net before 1.11.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Datatables Net
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-24632 MEDIUM POC This Month

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Recipe Card Blocks For Gutenberg Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37270 CRITICAL Act Now

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cms Enterprise Website Construction System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41558 CRITICAL Act Now

The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Set User
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-40329 CRITICAL Act Now

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-37761 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-36880 CRITICAL Act Now

Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Ulisting
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-37539 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
93.4%
CVE-2021-36219 CRITICAL PATCH Act Now

An issue was discovered in SKALE sgxwallet 1.58.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Sgxwallet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-34416 CRITICAL Act Now

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Meeting Connector Recording Connector Virtual Room Connector Virtual Room Connector Load Balancer
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-33907 CRITICAL Act Now

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Meetings
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-40098 CRITICAL Act Now

An issue was discovered in Concrete CMS through 8.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-38299 CRITICAL PATCH Act Now

Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webauthn Framwork
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-34351 CRITICAL Act Now

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-34348 CRITICAL Act Now

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-24671 MEDIUM POC This Month

The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mx Time Zone Clocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24670 MEDIUM POC This Month

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Coolclock
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24643 MEDIUM POC This Month

The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Map Block
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24634 MEDIUM POC This Month

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Recipe Card Blocks For Gutenberg Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22272 CRITICAL Act Now

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Mybuildings Mybusch Jaeger
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2021-3799 MEDIUM POC PATCH This Month

grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav Plugin Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-3818 MEDIUM POC PATCH This Month

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Grav
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-37274 HIGH This Week

Kingdee KIS Professional Edition has a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kis Cloud
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36876 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Ulisting
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-36874 HIGH This Week

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Ulisting
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-24610 MEDIUM POC This Month

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Translatepress
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
5.4%
CVE-2021-24569 MEDIUM POC This Month

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Notice Compliance For Gdpr Ccpa
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-40108 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Concrete Cms
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-40097 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Concrete Cms
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-39826 HIGH PATCH This Week

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Adobe Digital Editions
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2021-37786 MEDIUM POC This Month

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft Denial Of Service Covid Certificate
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-24633 MEDIUM POC This Month

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Countdown Block
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-40709 HIGH This Week

Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop 2021
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2021-40703 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-40702 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-40701 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-40700 HIGH PATCH This Week

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Premiere Elements
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2021-39825 HIGH PATCH This Week

Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Photoshop Elements
NVD
CVSS 3.1
7.8
EPSS
1.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy