Skip to main content
CVE-2021-41649 CRITICAL POC THREAT Act Now

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shopping System Advanced
NVD GitHub
CVSS 3.1
9.8
EPSS
51.8%
CVE-2021-40960 CRITICAL POC Act Now

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Galera Webtemplate
NVD
CVSS 3.1
9.8
EPSS
9.8%
CVE-2021-41110 CRITICAL POC PATCH Act Now

cwlviewer is a web application to view and share Common Workflow Language workflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Cwlviewer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-3825 CRITICAL POC Act Now

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Liderahenk
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2021-41647 CRITICAL POC Act Now

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Food Ordering Web App
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2021-41847 HIGH POC This Week

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Infinias Access Control
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-41648 HIGH POC THREAT This Week

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shopping System Advanced
NVD GitHub
CVSS 3.1
7.5
EPSS
10.0%
CVE-2021-41459 HIGH POC This Week

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Mp4Box
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41457 HIGH POC This Week

There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Mp4Box
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41456 HIGH POC This Week

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Mp4Box
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-21228 MEDIUM POC This Month

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jizhicms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-41467 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Justwriting
NVD GitHub
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-41465 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41464 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41463 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41462 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41461 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40975 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40973 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40972 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40971 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40970 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40969 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40968 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40927 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Alfred Spotify Mini Player
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40926 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Getid3
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-40925 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"]. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Faveo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40924 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bugs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40923 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bugs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40922 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bugs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40921 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Detector
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-36298 CRITICAL PATCH Act Now

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Isilon Insightiq Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-34352 CRITICAL PATCH Act Now

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-3710 MEDIUM POC This Month

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Apport
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-3709 MEDIUM POC This Month

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Apport
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29108 HIGH This Week

There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Portal For Arcgis
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-3626 HIGH PATCH This Week

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Privilege Escalation Multipass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-38110 HIGH This Week

Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Wordperfect 2020
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-38101 HIGH This Week

CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Photopaint 2020
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-38100 HIGH This Week

Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Photopaint 2020
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-38098 HIGH This Week

Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Fusion
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-38103 HIGH This Week

IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Presentations 2020
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-38099 HIGH This Week

CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Photopaint 2020
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-38096 HIGH This Week

Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Fusion
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2021-38097 HIGH This Week

Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Fusion
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-35297 HIGH This Week

Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dbase Viewer
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-23893 HIGH This Week

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Drive Encryption
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-3747 HIGH PATCH This Week

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Apple Information Disclosure Multipass
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33626 HIGH This Week

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Insydeh2o Ruggedcom Apr1808 Firmware Simatic Field Pg M5 Firmware Simatic Field Pg M6 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-36309 MEDIUM PATCH This Month

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Enterprise Sonic Os
NVD
CVSS 3.1
6.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy