Skip to main content
CVE-2021-35296 CRITICAL POC Act Now

An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hg150 Ub Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-41868 CRITICAL POC PATCH Act Now

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-38823 CRITICAL POC Act Now

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icehrm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37333 CRITICAL POC Act Now

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Booking Core
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41511 CRITICAL POC Act Now

The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lodging Reservation Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-40323 CRITICAL POC PATCH THREAT Act Now

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Cobbler
NVD GitHub
CVSS 3.1
9.8
EPSS
88.5%
CVE-2021-41591 CRITICAL POC PATCH Act Now

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Eclair
NVD GitHub
CVSS 3.1
9.4
EPSS
1.7%
CVE-2021-42006 HIGH POC This Week

An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gclib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-41322 HIGH POC This Week

Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vvx 400 Firmware Vvx 410 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41593 HIGH POC This Week

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lightning Network Daemon
NVD GitHub
CVSS 3.1
8.6
EPSS
1.9%
CVE-2021-24465 HIGH POC This Week

The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Meow Gallery
NVD WPScan
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-40683 HIGH POC This Week

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Application Access
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22557 HIGH POC PATCH This Week

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Code Injection Slo Generator
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-41285 HIGH POC This Week

Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ballistix Memory Overview Display Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39433 HIGH POC This Week

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Biqsdrive
NVD GitHub
CVSS 3.1
7.5
EPSS
8.4%
CVE-2021-41651 HIGH POC This Week

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-37777 HIGH POC This Week

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Gila Cms
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41878 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Panel Administration System
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
9.9%
CVE-2021-24679 MEDIUM POC This Month

The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bitcoin Altcoin Payment Gateway For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24676 MEDIUM POC This Month

The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Better Find And Replace
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21704 MEDIUM POC This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service PHP Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-41100 CRITICAL Act Now

Wire-server is the backing server for the open source wire secure messaging application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Wire Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-41093 CRITICAL PATCH Act Now

Wire is an open source secure messenger. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Wire
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-23857 CRITICAL Act Now

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware Rexroth Indramotion Mlc L25 Firmware Rexroth Indramotion Mlc L45 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-41592 CRITICAL Act Now

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Lightning
NVD GitHub
CVSS 3.1
9.4
EPSS
1.5%
CVE-2021-39885 MEDIUM POC This Month

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-39486 MEDIUM POC This Month

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Gila Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38822 MEDIUM POC This Month

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Icehrm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-37330 MEDIUM POC This Month

Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Booking Core
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24678 MEDIUM POC This Month

The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tooltip Glossary
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24654 MEDIUM POC This Month

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41867 MEDIUM POC PATCH This Month

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-37331 MEDIUM POC This Month

Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Booking Core
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-21705 MEDIUM POC PATCH This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap Sd Wan Aware
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-32765 HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Hiredis Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-32762 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-32626 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow RCE Fedora +4
NVD GitHub
CVSS 3.1
8.8
EPSS
15.1%
CVE-2021-24687 MEDIUM POC This Month

The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24673 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-41869 HIGH This Week

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38618 HIGH This Week

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Workforce Management
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-41579 HIGH This Week

LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal SCADA
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-41578 HIGH This Week

mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Mydesigner
NVD GitHub
CVSS 3.1
7.8
EPSS
10.4%
CVE-2021-41103 HIGH PATCH This Week

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Containerd Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-36051 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-38392 HIGH This Week

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2021-41092 HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41118 HIGH PATCH This Week

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Dynamicpagelist3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41099 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service RCE Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-32687 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy