Skip to main content
CVE-2021-29004 HIGH POC This Week

rConfig 3.9.6 is affected by SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rconfig
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-29005 HIGH POC This Week

Insecure permission of chmod command on rConfig server 3.9.6 exists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Rconfig
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-39317 HIGH POC PATCH This Week

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Authentication Bypass Access Demo Importer Accesspress Lite +41
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-24711 HIGH POC This Week

The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Software License Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24546 HIGH POC This Week

The Gutenberg Block Editor Toolkit - EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Code Injection Editorskit
NVD WPScan
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-40884 HIGH POC This Week

Projectsend version r1295 is affected by sensitive information disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Authentication Bypass Projectsend
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-42260 HIGH POC This Week

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tinyxml Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-24651 HIGH POC This Week

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Poll Maker
NVD WPScan
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41055 HIGH POC This Week

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gajim
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-40189 HIGH POC This Week

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Phpfusion
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-40188 HIGH POC This Week

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Phpfusion
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-20122 HIGH POC This Week

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Prv65B444A S Ts Firmware
NVD
CVSS 3.1
7.2
EPSS
6.5%
CVE-2021-42257 HIGH POC This Week

check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Check Smart
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-41801 HIGH PATCH This Week

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-42135 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation Hashicorp Vault
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-42252 HIGH PATCH This Week

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel H300s Firmware H500s Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-27002 HIGH PATCH This Week

NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25633 HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-27665 HIGH This Week

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Exacqvision Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41832 HIGH This Week

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41830 HIGH This Week

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41799 HIGH This Week

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-0583 HIGH This Week

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy