Skip to main content
CVE-2021-38003 HIGH POC KEV THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
36.2%
CVE-2021-24892 HIGH POC PATCH This Week

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Advanced Forms
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43775 HIGH POC PATCH This Week

Aim is an open-source, self-hosted machine learning experiment tracking tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Aim
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2021-24641 HIGH POC This Week

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Images To Webp
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-35033 HIGH POC This Week

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Nbg6818 Firmware Nbg7815 Firmware Wsq20 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-24644 HIGH POC This Week

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Images To Webp
NVD WPScan
CVSS 3.1
7.5
EPSS
5.0%
CVE-2021-24877 HIGH POC This Week

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mainwp Child
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-24894 MEDIUM POC PATCH This Month

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Integer Overflow Denial Of Service Reviews Plus
NVD WPScan
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-38000 MEDIUM POC KEV THREAT This Month

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
4.5%
CVE-2021-37999 MEDIUM POC This Month

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24891 MEDIUM POC THREAT This Month

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Website Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
24.0%
CVE-2021-24875 MEDIUM POC This Month

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ecommerce Product Catalog
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-42785 CRITICAL Act Now

Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tightvnc
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-42784 CRITICAL PATCH Act Now

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Command Injection Dwr 932C E1 Firmware
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-42783 CRITICAL PATCH Act Now

Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Authentication Bypass Dwr 932C E1 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-36314 CRITICAL PATCH Act Now

Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Cloud Link
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-37022 CRITICAL Act Now

There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-24703 MEDIUM POC This Month

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Download Plugin
NVD WPScan
CVSS 3.1
5.7
EPSS
0.4%
CVE-2021-38002 CRITICAL Act Now

Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
0.9%
CVE-2021-3672 MEDIUM POC PATCH This Month

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS C Ares Fedora Enterprise Linux Enterprise Linux Computer Node +13
NVD
CVSS 3.1
5.6
EPSS
2.6%
CVE-2021-24812 MEDIUM POC This Month

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Betterlinks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24729 MEDIUM POC This Month

The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Showcase With Slick Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-36312 CRITICAL Act Now

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Cloudlink
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-37016 CRITICAL Act Now

There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Denial Of Service Information Disclosure Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2021-38001 HIGH This Week

Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
26.7%
CVE-2021-37998 HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37997 HIGH This Week

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-36335 HIGH PATCH This Week

Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Cloud Link
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-24888 MEDIUM POC This Month

The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Imageboss
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24882 MEDIUM POC This Month

The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slideshow Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24830 MEDIUM POC PATCH This Month

The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Advanced Access Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24713 MEDIUM POC This Month

The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Lessons Manager Video Lessons Manager Pro
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24700 MEDIUM POC This Month

The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-37102 HIGH This Week

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fusioncompute
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-40830 HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Node.js Java Amazon Web Services Aws C Io +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40829 HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Apple Information Disclosure Node.js Java +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40828 HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Microsoft Information Disclosure Node.js Java +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24668 MEDIUM POC This Month

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Maz Loader
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-36300 HIGH PATCH This Week

iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Information Disclosure Emc Idrac9 Firmware
NVD
CVSS 3.1
8.2
EPSS
33.3%
CVE-2021-36299 HIGH PATCH This Week

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Dell SQLi Denial Of Service Information Disclosure Emc Idrac9 Firmware
NVD
CVSS 3.1
8.1
EPSS
29.6%
CVE-2021-36311 HIGH PATCH This Week

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Authentication Bypass Emc Networker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-43019 HIGH PATCH This Week

Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-35052 HIGH This Week

A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39976 HIGH This Week

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cloudengine 5800 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41281 HIGH PATCH This Week

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Synapse Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-38891 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38890 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-37035 HIGH This Week

There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37034 HIGH This Week

There is an Unstandardized field names in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37033 HIGH This Week

There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Code Injection Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy