Skip to main content
CVE-2021-24684 HIGH POC This Week

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Command Injection Pdf Light Viewer
NVD WPScan
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-21797 HIGH POC THREAT This Week

An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
15.0%
CVE-2021-21796 HIGH POC THREAT This Week

An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
15.8%
CVE-2021-36513 HIGH POC This Week

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-24754 HIGH POC This Week

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mainwp Child Reports
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-41155 HIGH PATCH This Week

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tuleap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-41154 HIGH PATCH This Week

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tuleap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-41971 HIGH PATCH This Week

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-42098 HIGH This Week

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Remote Desktop Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-38442 HIGH This Week

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Winproladder
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-38438 HIGH This Week

A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Winproladder
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38436 HIGH This Week

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Winproladder
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-38434 HIGH This Week

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Winproladder
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-38430 HIGH This Week

FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Winproladder
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-38426 HIGH This Week

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Winproladder
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-41152 HIGH PATCH This Week

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Openolat
NVD GitHub
CVSS 3.1
7.7
EPSS
1.2%
CVE-2021-41991 HIGH PATCH This Week

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Strongswan Debian Linux Fedora +22
NVD GitHub
CVSS 3.1
7.5
EPSS
4.8%
CVE-2021-41990 HIGH This Week

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Strongswan Debian Linux Fedora +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.5%
CVE-2021-41611 HIGH PATCH This Week

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Squid Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-38562 HIGH PATCH This Week

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Request Tracker Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy