Skip to main content
CVE-2021-42228 HIGH POC This Week

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kindeditor
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-22964 HIGH POC PATCH This Week

A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Denial Of Service Fastify Static
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-19961 HIGH POC This Week

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Zzcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-37933 HIGH POC This Week

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Huntflow Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-42341 HIGH POC PATCH This Week

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Openrc
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-42369 HIGH This Week

Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Imagicle Uc Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-38346 HIGH This Week

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Path Traversal PHP Brizy Page Builder
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-33177 HIGH This Week

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
9.8%
CVE-2021-40854 HIGH This Week

AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Anydesk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42340 HIGH PATCH This Week

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Denial Of Service Hci Management Services For Element Software +15
NVD
CVSS 3.1
7.5
EPSS
11.0%
CVE-2021-36389 HIGH This Week

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yellowfin
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-36388 HIGH This Week

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yellowfin
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-20599 HIGH This Week

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure R08Sfcpu Firmware R16Sfcpu Firmware R32Sfcpu Firmware R120Sfcpu Firmware +4
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-38295 HIGH This Week

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache XSS Couchdb
NVD
CVSS 3.1
7.3
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy