Skip to main content
CVE-2021-20837 CRITICAL POC THREAT Act Now

Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Movable Type
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.1%
CVE-2021-34584 CRITICAL POC Act Now

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow 750 823 Firmware 750 829 Firmware 750 831 Firmware 750 832 Firmware +24
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-37364 HIGH POC This Week

OpenClinic GA 5.194.18 is affected by Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openclinic Ga
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-37363 HIGH POC This Week

An Insecure Permissions issue exists in Gestionale Open 11.00.00. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gestionale Open
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-41078 HIGH POC PATCH This Week

Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Nameko
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-40343 HIGH POC This Week

An issue was discovered in Nagios XI 5.8.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-41158 HIGH POC PATCH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-34593 HIGH POC This Week

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 750 8202 Firmware 750 8203 Firmware 750 8204 Firmware 750 8206 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-34586 HIGH POC THREAT This Week

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service 750 823 Firmware 750 829 Firmware 750 831 Firmware +25
NVD
CVSS 3.1
7.5
EPSS
13.1%
CVE-2021-34585 HIGH POC This Week

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 750 823 Firmware 750 829 Firmware 750 831 Firmware 750 832 Firmware +24
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34583 HIGH POC This Week

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow 750 8214 Firmware 750 8216 Firmware 750 8217 Firmware +25
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2021-40345 HIGH POC THREAT This Week

An issue was discovered in Nagios XI 5.8.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nagios Xi
NVD GitHub
CVSS 3.1
7.2
EPSS
23.0%
CVE-2021-40344 HIGH POC THREAT This Week

An issue was discovered in Nagios XI 5.8.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nagios Xi
NVD
CVSS 3.1
7.2
EPSS
66.2%
CVE-2021-41183 MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +24
NVD GitHub
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-41182 MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H500s Firmware H700s Firmware +25
NVD GitHub
CVSS 3.1
6.1
EPSS
42.2%
CVE-2021-41873 CRITICAL Act Now

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Penguin Aurora Box Firmware
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2021-37371 CRITICAL Act Now

Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Student Admission System
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-26607 CRITICAL Act Now

An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexacro
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-42343 CRITICAL PATCH Act Now

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE Dask
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-41175 MEDIUM POC PATCH This Month

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Web Interface
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41172 MEDIUM POC This Month

AS_Redis is an AntSword plugin for Redis. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis RCE XSS Antsword Redis
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-41157 MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-37372 HIGH This Week

Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Online Student Admission System
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2021-34595 HIGH This Week

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 823 Firmware 750 829 Firmware 750 831 Firmware +27
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-23877 HIGH This Week

Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Total Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26609 HIGH This Week

A vulnerability was found in Mangboard(WordPress plugin). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Mang Board
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-41307 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Server Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41306 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Server Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41305 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41185 MEDIUM PATCH This Month

Mycodo is an environmental monitoring and regulation system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Mycodo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-34596 MEDIUM This Month

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure 750 823 Firmware 750 829 Firmware 750 831 Firmware +27
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-41308 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-41184 MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +23
NVD GitHub
CVSS 3.1
6.1
EPSS
44.5%
CVE-2021-41304 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41173 MEDIUM PATCH This Month

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
5.7
EPSS
1.2%
CVE-2021-41866 MEDIUM PATCH This Month

MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35499 MEDIUM This Month

The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nimbus
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41188 MEDIUM PATCH This Month

Shopware is open source e-commerce software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Nginx XSS Shopware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy