Skip to main content
CVE-2021-42237 CRITICAL POC KEV THREAT Emergency

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Deserialization Experience Platform
NVD VulDB
CVSS 3.1
9.8
EPSS
99.2%
Threat
7.9
CVE-2021-35368 CRITICAL POC Act Now

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-42670 CRITICAL POC Act Now

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2021-42669 CRITICAL POC THREAT Act Now

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
23.3%
CVE-2021-42668 CRITICAL POC Act Now

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2021-42667 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Online Event Booking And Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
15.8%
CVE-2021-42665 CRITICAL POC Act Now

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Engineers Online Portal
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2021-42359 CRITICAL POC Act Now

WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wp Dsgvo Tools
NVD
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-43405 HIGH POC PATCH THREAT This Week

An issue was discovered in FusionPBX before 4.5.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fusionpbx
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
35.6%
CVE-2021-42666 HIGH POC This Week

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Engineers Online Portal
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
4.4%
CVE-2021-41228 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Command Injection Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41225 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41221 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41220 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41219 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41214 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41201 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3928 HIGH POC PATCH This Week

vim is vulnerable to Use of Uninitialized Variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-3927 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-3924 HIGH POC PATCH This Week

grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Grav
NVD GitHub
CVSS 3.1
7.5
EPSS
4.2%
CVE-2021-42671 HIGH POC THREAT This Week

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Engineers Online Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
19.7%
CVE-2021-41226 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-41224 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-41223 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-41212 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-41211 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-3916 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-39416 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-39413 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39411 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Hospital Management System
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-41251 MEDIUM POC PATCH This Month

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SAP Information Disclosure Cloud Sdk
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-42837 CRITICAL Act Now

An issue was discovered in Talend Data Catalog before 7.3-20210930. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-25508 CRITICAL Act Now

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Smartthings
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-41227 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41222 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41217 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41215 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41200 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41199 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41198 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41197 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-41196 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41195 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42664 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Engineers Online Portal
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-42662 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Event Booking And Reservation System
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-26844 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pa Server Monitor
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22260 MEDIUM POC This Month

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41230 HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass Pomerium
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-43406 HIGH PATCH This Week

An issue was discovered in FusionPBX before 4.5.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fusionpbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-43404 HIGH PATCH This Week

An issue was discovered in FusionPBX before 4.5.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fusionpbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy