Skip to main content
CVE-2021-38294 CRITICAL POC PATCH THREAT Emergency

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection RCE Storm
NVD
CVSS 3.1
9.8
EPSS
84.5%
CVE-2021-40371 CRITICAL POC Act Now

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal RCE Request Management
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2021-24884 CRITICAL POC PATCH Act Now

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP CSRF WordPress XSS +1
NVD GitHub WPScan
CVSS 3.1
9.6
EPSS
3.1%
CVE-2021-24487 HIGH POC This Week

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS St Daily Tip
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-38260 HIGH POC This Week

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mcuxpresso Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-38258 HIGH POC This Week

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mcuxpresso Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41145 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41105 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37624 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-24774 HIGH POC This Week

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Check Log Email
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24769 HIGH POC This Week

The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Permalink Manager Lite
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24662 HIGH POC This Week

The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Game Server Status
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-21703 HIGH POC PATCH This Week

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running. Rated high severity (CVSS 7.0). Public exploit code available.

PHP Authentication Bypass Debian Linux Fedora Clustered Data Ontap +1
NVD
CVSS 3.1
7.0
EPSS
1.3%
CVE-2021-24779 MEDIUM POC This Month

The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Wp Debugging
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-24885 MEDIUM POC PATCH This Month

The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Yop Poll
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24543 MEDIUM POC This Month

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Jquery Reply To Comment
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-41035 CRITICAL PATCH Act Now

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Openj9
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-40865 CRITICAL PATCH Act Now

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache RCE Storm
NVD
CVSS 3.1
9.8
EPSS
65.6%
CVE-2021-24699 MEDIUM POC This Month

The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Media Download
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24544 MEDIUM POC This Month

The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Motopress Slider Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24414 MEDIUM POC This Month

The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Player For Youtube
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-34864 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-34863 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-34862 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34861 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34859 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Teamviewer
NVD
CVSS 3.1
8.8
EPSS
9.1%
CVE-2021-34857 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-34856 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-24785 MEDIUM POC This Month

The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Great Quotes
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24744 MEDIUM POC This Month

The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24653 MEDIUM POC This Month

The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24608 MEDIUM POC PATCH This Month

The Formidable Form Builder - Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Formidable Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24515 MEDIUM POC This Month

The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24514 MEDIUM POC This Month

The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Visual Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24489 MEDIUM POC This Month

The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Request A Quote
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24485 MEDIUM POC This Month

The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Special Textboxes
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24381 MEDIUM POC This Month

The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-41177 HIGH PATCH This Week

Nextcloud is an open-source, self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud PHP Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-39225 HIGH PATCH This Week

Nextcloud is an open-source, self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Deck
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-34854 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0936 HIGH This Week

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0631 HIGH This Week

In wifi driver, there is a possible system crash due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-0630 HIGH This Week

In wifi driver, there is a possible system crash due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-40527 HIGH This Week

Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Peloton
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-0941 MEDIUM This Month

In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0940 MEDIUM This Month

In TBD of TBD, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0935 MEDIUM This Month

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0663 MEDIUM This Month

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2021-0662 MEDIUM This Month

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2021-0661 MEDIUM This Month

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy