Skip to main content
CVE-2021-41646 CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE Online Reviewer System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-41644 CRITICAL POC Act Now

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Food Ordering System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-41643 CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Church Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-41676 CRITICAL POC Act Now

An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41674 CRITICAL POC Act Now

An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Negosyo System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-3756 CRITICAL POC PATCH Act Now

libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libmysofa Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-31627 HIGH POC This Week

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda Ac9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31624 HIGH POC This Week

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-41645 HIGH POC This Week

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Budget And Expense Tracker System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-39179 HIGH POC PATCH This Week

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dhis 2
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-41746 HIGH POC This Week

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Turbocrm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41189 HIGH POC PATCH This Week

DSpace is an open source turnkey repository application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dspace
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-41675 HIGH POC This Week

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Negosyo System
NVD GitHub
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-25742 HIGH POC This Week

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Ingress Nginx Trident
NVD GitHub
CVSS 3.1
7.1
EPSS
1.8%
CVE-2021-31862 MEDIUM POC This Month

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sysaid
NVD GitHub
CVSS 3.1
6.1
EPSS
3.9%
CVE-2021-22038 HIGH This Week

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-1118 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Privilege Escalation Nvidia Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22037 HIGH This Week

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41186 HIGH PATCH This Week

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Fluentd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-1119 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-1120 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Virtual Gpu
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-1123 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1122 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1121 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3662 MEDIUM This Month

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Futuresmart 4 Futuresmart 5
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3441 MEDIUM POC This Month

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Officejet 7110 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.7%
CVE-2021-35237 MEDIUM This Month

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kiwi Syslog Server
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy