Skip to main content
CVE-2021-23654 CRITICAL POC Act Now

This affects all versions of package html-to-csv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Html To Csv
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-26611 CRITICAL Act Now

HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hejhome Gkw Ic052 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38685 CRITICAL Act Now

A command injection vulnerability has been reported to affect QNAP device, VioStor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-41279 HIGH PATCH This Week

BaserCMS is an open source content management system with a focus on Japanese language support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Basercms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41243 HIGH PATCH This Week

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Basercms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-26615 HIGH This Week

ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ark Library
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-36807 HIGH This Week

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Unified Threat Management Up2Date
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-38686 HIGH This Week

An improper authentication vulnerability has been reported to affect QNAP device, VioStor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Qvr
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-35533 HIGH This Week

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rtu500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-43785 MEDIUM PATCH This Month

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Emoji Button
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-43776 MEDIUM PATCH This Month

Backstage is an open platform for building developer portals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Auth Backend
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-40833 MEDIUM This Month

A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlant Internet Gatekeeper Linux Security Linux Security 64 +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-36919 MEDIUM This Month

Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Awesome Support
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44225 MEDIUM PATCH This Month

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keepalived Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-36843 MEDIUM This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Floating Social Media Icon
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-25269 MEDIUM This Month

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Exploit Prevention Intercept X Endpoint Intercept X For Server
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy