Skip to main content
CVE-2021-39352 HIGH POC PATCH THREAT Act Now

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Catch Themes Demo Import
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
55.7%
CVE-2021-39321 HIGH POC PATCH This Week

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization WordPress PHP Sassy Social Share
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-20120 HIGH POC This Week

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arris Surfboard Sb8200 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-42716 HIGH POC This Week

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stb Image H Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-41160 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41159 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-41146 HIGH PATCH This Week

qutebrowser is an open source keyboard-focused browser with a minimal GUI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection RCE Qutebrowser
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-41790 HIGH This Week

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-29873 HIGH PATCH This Week

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Spectrum Virtualize Spectrum Virtualize For Public Cloud Storwize V3500 Software +7
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-42097 HIGH PATCH This Week

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Privilege Escalation Mailman Debian Linux
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-35227 HIGH This Week

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Access Rights Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-42108 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42107 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42106 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42105 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42104 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42103 HIGH PATCH This Week

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42102 HIGH PATCH This Week

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42101 HIGH PATCH This Week

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42012 HIGH PATCH This Week

A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-42011 HIGH PATCH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1529 HIGH This Week

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22034 HIGH PATCH This Week

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Vrealize Operations Tenant
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-23139 HIGH PATCH This Week

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-40122 HIGH This Week

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meeting Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-34736 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Computing System
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41127 HIGH PATCH This Week

Rasa is an open source machine learning framework to automate text-and voice-based conversations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rasa
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-34743 HIGH This Week

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Webex Meetings
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy