Skip to main content
CVE-2021-25979 CRITICAL PATCH Act Now

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apostrophecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30132 CRITICAL Act Now

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cloudera Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-42371 CRITICAL Act Now

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lpar2Rrd Stor2Rrd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-40577 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Enrollment Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-24807 MEDIUM POC This Month

The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Support Board
NVD GitHub WPScan
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-24840 MEDIUM POC This Month

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Squaretype
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-24710 MEDIUM POC PATCH This Month

The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Print O Matic
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24708 MEDIUM POC This Month

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp All Export
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24706 MEDIUM POC This Month

The Qwizcards - online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qwizcards
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24701 MEDIUM POC This Month

The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Tool Lite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24664 MEDIUM POC This Month

The School Management System - WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpschoolpress
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
2.4%
CVE-2021-24646 MEDIUM POC This Month

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Booking Com Banner Creator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24645 MEDIUM POC This Month

The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Booking Com Product Helper
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24616 MEDIUM POC PATCH This Month

The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Addtoany Share Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24607 MEDIUM POC This Month

The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Storefront Footer Text
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24594 MEDIUM POC PATCH This Month

The Translate WordPress - Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google WordPress XSS Google Language Translator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24832 MEDIUM POC This Month

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Seo Redirect 301
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-24816 MEDIUM POC This Month

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Phoenix Media Rename
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-24806 MEDIUM POC This Month

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wpdiscuz
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-24801 MEDIUM POC This Month

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Authentication Bypass Wp Survey Plus
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-24698 MEDIUM POC This Month

The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple Download Monitor
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-31600 MEDIUM POC This Month

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-41772 HIGH PATCH This Week

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora Timesten In Memory Database
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-41771 HIGH PATCH This Week

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-42370 HIGH This Week

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lpar2Rrd Stor2Rrd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29843 MEDIUM This Month

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22051 MEDIUM PATCH This Month

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Gateway
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-41733 MEDIUM PATCH This Month

Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Oppia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32482 MEDIUM This Month

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloudera Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-32481 MEDIUM This Month

Cloudera Hue 4.6.0 allows XSS via the type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29994 MEDIUM This Month

Cloudera Hue 4.6.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29243 MEDIUM This Month

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloudera Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-37850 MEDIUM This Month

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Eset Cyber Security Endpoint Antivirus +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29735 MEDIUM This Month

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32483 MEDIUM This Month

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cloudera Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy