Skip to main content
CVE-2021-39352 HIGH POC PATCH THREAT Act Now

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Catch Themes Demo Import
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
55.7%
CVE-2021-39321 HIGH POC PATCH This Week

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization WordPress PHP Sassy Social Share
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-20120 HIGH POC This Week

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arris Surfboard Sb8200 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42716 HIGH POC This Week

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stb Image H Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-41168 MEDIUM POC PATCH This Month

Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service Snudown
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-35512 MEDIUM POC This Month

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SSRF Manageengine Applications Manager
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-28975 MEDIUM POC This Month

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Mailster
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-40719 CRITICAL Act Now

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Adobe Connect
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2021-42740 CRITICAL PATCH Act Now

The shell-quote package before 1.7.3 for Node.js allows command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Node.js Command Injection Shell Quote
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
CVE-2021-39357 MEDIUM POC PATCH This Month

The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Leaky Paywall
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39356 MEDIUM POC This Month

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Content Staging
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39354 MEDIUM POC PATCH This Month

The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Easy Digital Downloads
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39348 MEDIUM POC PATCH This Month

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Learnpress
NVD GitHub
CVSS 3.1
4.8
EPSS
5.0%
CVE-2021-39328 MEDIUM POC PATCH This Month

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Simple Job Board
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-41160 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41159 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-41146 HIGH PATCH This Week

qutebrowser is an open source keyboard-focused browser with a minimal GUI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection RCE Qutebrowser
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-41790 HIGH This Week

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29873 HIGH PATCH This Week

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Spectrum Virtualize Spectrum Virtualize For Public Cloud Storwize V3500 Software +7
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-42097 HIGH PATCH This Week

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Privilege Escalation Mailman Debian Linux
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-35227 HIGH This Week

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Access Rights Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-42108 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42107 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42106 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42105 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42104 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42103 HIGH PATCH This Week

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42102 HIGH PATCH This Week

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42101 HIGH PATCH This Week

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42012 HIGH PATCH This Week

A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-42011 HIGH PATCH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1529 HIGH This Week

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22034 HIGH PATCH This Week

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Vrealize Operations Tenant
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23139 HIGH PATCH This Week

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-40122 HIGH This Week

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meeting Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-34736 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Computing System
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41127 HIGH PATCH This Week

Rasa is an open source machine learning framework to automate text-and voice-based conversations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rasa
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-34743 HIGH This Week

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Webex Meetings
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-42327 MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd Memory Corruption Linux Kernel +9
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-28496 MEDIUM This Month

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-40123 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-39126 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Atlassian Information Disclosure Jira Data Center Jira Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-35225 MEDIUM This Month

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Performance Monitor
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2021-36869 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ivory Search
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34738 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42715 MEDIUM This Month

An issue was discovered in stb stb_image.h 1.33 through 2.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stb Image H Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-27746 MEDIUM This Month

"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41791 MEDIUM This Month

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Community Share Share
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41792 MEDIUM This Month

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Alfresco Content Services Alfresco Transform Services
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39127 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.3
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy