Skip to main content
CVE-2019-8922 HIGH POC This Week

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bluez Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2021-24755 HIGH POC This Week

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mycred
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24748 HIGH POC This Week

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Email Before Download
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-44429 HIGH POC This Week

Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Serva
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-44428 HIGH POC This Week

Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Pinkie
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-43786 HIGH POC PATCH This Week

Nodebb is an open source Node.js based forum software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Nodebb
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-38283 HIGH POC This Week

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Holmes
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-38147 HIGH POC THREAT This Week

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Holmes
NVD
CVSS 3.1
7.5
EPSS
53.0%
CVE-2021-24889 HIGH POC This Week

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Ninja Forms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24860 HIGH POC This Week

The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Bsk Pdf Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-42364 HIGH This Week

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Stetic
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-42358 HIGH This Week

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Contact Form With Captcha
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-43783 HIGH PATCH This Week

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Backstage
NVD GitHub
CVSS 3.1
8.5
EPSS
1.2%
CVE-2021-44198 HIGH PATCH This Week

DLL hijacking could lead to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34800 HIGH PATCH This Week

Sensitive information could be logged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Microsoft Information Disclosure Agent
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy