Skip to main content
CVE-2021-24809 HIGH POC PATCH This Week

The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Better Messages
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24717 HIGH POC This Week

The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Authentication Bypass Automatorwp
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-40348 HIGH POC PATCH This Week

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat RCE Code Injection Uyuni Spacewalk
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-42694 HIGH POC This Week

An issue was discovered in the character definitions of the Unicode Specification through 14.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection Unicode
NVD
CVSS 3.1
8.3
EPSS
4.5%
CVE-2021-42574 HIGH POC THREAT This Week

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection Unicode Fedora Starwind Virtual San
NVD
CVSS 3.1
8.3
EPSS
12.2%
CVE-2021-39341 HIGH POC THREAT This Week

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Authentication Bypass Optinmonster
NVD
CVSS 3.1
8.2
EPSS
23.3%
CVE-2021-39333 HIGH POC This Week

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Hashthemes Demo Importer
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-25874 HIGH POC This Week

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Youphptube
NVD VulDB
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-25877 HIGH POC This Week

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Youphptube
NVD VulDB
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-42557 HIGH POC This Week

In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jeedom
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-41187 HIGH This Week

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dhis 2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38847 HIGH This Week

S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload S Cart
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-27644 HIGH PATCH This Week

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Privilege Escalation Dolphinscheduler
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-3440 HIGH This Week

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure HP Hp Smart
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3704 HIGH This Week

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Laserjet Pro J8H60A Firmware Laserjet Pro J8H61A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-27005 HIGH PATCH This Week

Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ontap System Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20838 HIGH PATCH This Week

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service XXE Office Server Document Converter
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-31849 HIGH This Week

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Data Loss Prevention Endpoint
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy