Skip to main content
CVE-2021-36916 CRITICAL POC PATCH Act Now

The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Hide My Wp
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-43778 HIGH POC PATCH THREAT This Week

Barcode is a GLPI plugin for printing barcodes and QR codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Path Traversal Barcode
NVD GitHub
CVSS 3.1
7.5
EPSS
52.7%
CVE-2021-36917 HIGH POC This Week

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Hide My Wp
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-41192 MEDIUM POC PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Redash
NVD GitHub
CVSS 3.1
6.5
EPSS
8.0%
CVE-2021-20842 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ec Cube
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20841 MEDIUM POC PATCH This Month

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ec Cube
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-3554 CRITICAL Act Now

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2021-44219 CRITICAL PATCH Act Now

Gin-Vue-Admin before 2.4.6 mishandles a SQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gin Vue Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-34423 CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE HP Apple +31
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-22049 CRITICAL PATCH Act Now

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-20850 CRITICAL PATCH Act Now

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Powercms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-44140 CRITICAL PATCH Act Now

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Privilege Escalation Jspwiki
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-42297 MEDIUM POC PATCH This Month

Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Update Assistant
NVD
CVSS 3.1
5.0
EPSS
1.5%
CVE-2021-41268 HIGH PATCH This Week

Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP Session Fixation Symfony
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-22957 HIGH PATCH This Week

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-43780 HIGH PATCH This Week

Redash is a package for data visualization and sharing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Redash
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-20846 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Push Notifications For Wordpress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-20845 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Unlimited Sitemap Generator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-28708 HIGH PATCH This Week

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28707 HIGH PATCH This Week

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28704 HIGH PATCH This Week

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28706 HIGH PATCH This Week

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2021-42306 HIGH PATCH This Week

An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Microsoft Information Disclosure Azure Active Directory Azure Active Site Recovery Azure Automation +1
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2021-38873 HIGH PATCH This Week

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-31822 HIGH This Week

When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Tentacle
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28709 HIGH PATCH This Week

issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28705 HIGH PATCH This Week

issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-34424 HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP Apple Microsoft +30
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21980 HIGH PATCH This Week

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-3553 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3552 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20835 HIGH This Week

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Mercari
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41270 MEDIUM PATCH This Month

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Code Injection Symfony Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-41267 MEDIUM PATCH This Month

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling PHP Information Disclosure Symfony
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-43268 MEDIUM This Month

An issue was discovered in VxWorks 6.9 through 7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32037 MEDIUM This Month

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-43777 MEDIUM PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Google Redash
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-20848 MEDIUM PATCH This Month

Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rwtxt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20840 MEDIUM This Month

Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Package
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-40369 MEDIUM PATCH This Month

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-20844 MEDIUM This Month

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rtx830 Firmware Nvr510 Firmware Nvr700W Firmware Rtx1210 Firmware +4
NVD
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-43211 MEDIUM PATCH This Month

Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Update Assistant
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-20843 MEDIUM This Month

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rtx830 Firmware Nvr510 Firmware Nvr700W Firmware Rtx1210 Firmware +4
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-43221 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Google RCE Code Injection Microsoft Edge Chromium
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2021-43220 LOW PATCH Monitor

Microsoft Edge for iOS Spoofing Vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Apple Microsoft Authentication Bypass Edge Ios
NVD
CVSS 3.1
3.1
EPSS
1.1%
CVE-2021-42308 LOW PATCH Monitor

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Authentication Bypass Edge Chromium
NVD
CVSS 3.1
3.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy