Skip to main content
CVE-2021-24487 HIGH POC This Week

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS St Daily Tip
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-38260 HIGH POC This Week

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mcuxpresso Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-38258 HIGH POC This Week

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mcuxpresso Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41145 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41105 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37624 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-24774 HIGH POC This Week

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Check Log Email
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24769 HIGH POC This Week

The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Permalink Manager Lite
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24662 HIGH POC This Week

The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Game Server Status
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-21703 HIGH POC PATCH This Week

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running. Rated high severity (CVSS 7.0). Public exploit code available.

PHP Authentication Bypass Debian Linux Fedora Clustered Data Ontap +1
NVD
CVSS 3.1
7.0
EPSS
1.3%
CVE-2021-34864 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-34863 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-34862 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34861 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link RCE Stack Overflow Dap 2020 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34859 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Teamviewer
NVD
CVSS 3.1
8.8
EPSS
9.1%
CVE-2021-34857 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-34856 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-41177 HIGH PATCH This Week

Nextcloud is an open-source, self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud PHP Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-39225 HIGH PATCH This Week

Nextcloud is an open-source, self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Deck
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-34854 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0936 HIGH This Week

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0631 HIGH This Week

In wifi driver, there is a possible system crash due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-0630 HIGH This Week

In wifi driver, there is a possible system crash due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-40527 HIGH This Week

Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Peloton
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy