Skip to main content
CVE-2021-24827 CRITICAL POC PATCH THREAT Act Now

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Asgaros Forum
NVD WPScan
CVSS 3.1
9.8
EPSS
13.3%
CVE-2021-24731 CRITICAL POC Act Now

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pie Register
NVD WPScan
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-28024 CRITICAL POC Act Now

Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Servicetonic
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-28023 CRITICAL POC Act Now

Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Servicetonic
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-42077 CRITICAL POC Act Now

PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Event Calendar
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-34684 CRITICAL POC Act Now

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vantara Pentaho
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2021-24693 CRITICAL POC Act Now

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Download Monitor
NVD WPScan
CVSS 3.1
9.0
EPSS
1.2%
CVE-2021-41170 CRITICAL PATCH Act Now

neoan3-apps/template is a neoan3 minimal template engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Neoan3 Template
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25979 CRITICAL PATCH Act Now

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apostrophecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30132 CRITICAL Act Now

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cloudera Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-42371 CRITICAL Act Now

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lpar2Rrd Stor2Rrd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy