Skip to main content
CVE-2021-42362 HIGH POC PATCH THREAT Act Now

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Wordpress Popular Posts
NVD GitHub WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
79.8%
CVE-2021-41274 HIGH POC PATCH This Week

solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus Auth Devise
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-42956 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24847 HIGH POC This Week

The importFromRedirection AJAX action of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Seo Redirection 301 Redirect Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24804 HIGH POC This Week

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple Jwt Login
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24772 HIGH POC PATCH This Week

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Stream
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24758 HIGH POC This Week

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Email Log
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-33481 HIGH POC This Week

A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Optical Character Recognition
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-33479 HIGH POC This Week

A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Optical Character Recognition
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-42955 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42954 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41277 HIGH POC KEV PATCH THREAT This Week

Metabase is an open source data analytics platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
7.5
EPSS
97.2%
CVE-2021-41275 HIGH PATCH This Week

spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Spree Auth Devise
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-0071 HIGH This Week

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Ax210 Firmware Ax201 Firmware Ax200 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-0180 HIGH This Week

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Denial Of Service Hardware Accelerated Execution Manager
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2021-0078 HIGH This Week

Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Information Disclosure Ax210 Firmware +14
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-43997 HIGH This Week

FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Freertos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33118 HIGH This Week

Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Serial Io Driver For Intel Nuc 11 Gen
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33071 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Oneapi Rendering Toolkit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33063 HIGH This Week

Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Realsense D400 Series Universal Windows Platform Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33062 HIGH This Week

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Vtune Profiler
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33058 HIGH This Week

Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Administrative Tools For Intel Network Adapters
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0151 HIGH This Week

Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0082 HIGH This Week

Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0065 HIGH This Week

Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0064 HIGH This Week

Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33106 HIGH This Week

Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Intel Safestring Library
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33095 HIGH This Week

Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Keyboard Led Service Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33094 HIGH This Week

Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Keyboard Led Service Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33093 HIGH This Week

Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Serial Io Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33092 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Hid Event Filter Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33091 HIGH This Week

Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Audio Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33090 HIGH This Week

Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc Hdmi Firmware Update Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33089 HIGH This Week

Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc Hdmi Firmware Update Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33088 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0121 HIGH This Week

Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Iris Xe Max Dedicated Graphics
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0096 HIGH PATCH This Week

Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Authentication Bypass Nuc7I3Dn Firmware Nuc7I5Dn Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3939 HIGH This Week

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Ubuntu Information Disclosure Accountsservice Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0013 HIGH This Week

Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Endpoint Management Assistant
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-40745 HIGH This Week

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Adobe Campaign
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-35528 HIGH This Week

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Java Authentication Bypass Counterparty Settlements And Billing Retail Operations
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy