Skip to main content
CVE-2021-41679 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41678 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41677 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-43283 HIGH POC This Week

An issue was discovered on Victure WR1200 devices through 1.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wr1200 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2021-43790 HIGH POC PATCH This Week

Lucet is a native WebAssembly compiler and runtime. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption Lucet
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-43284 HIGH POC This Week

An issue was discovered on Victure WR1200 devices through 1.0.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wr1200 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41256 HIGH POC PATCH This Week

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Nextcloud Information Disclosure News
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%
CVE-2021-43282 MEDIUM POC This Month

An issue was discovered on Victure WR1200 devices through 1.0.3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wr1200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-36330 CRITICAL Act Now

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Streaming Data Platform
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43319 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
21.4%
CVE-2021-42099 CRITICAL Act Now

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine M365 Manager Plus
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-26612 CRITICAL Act Now

An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nexacro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43202 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-42544 CRITICAL Act Now

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-3769 CRITICAL PATCH Act Now

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-3727 CRITICAL PATCH Act Now

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-3726 CRITICAL PATCH Act Now

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-42564 MEDIUM POC This Month

An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cryptshare Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-42545 CRITICAL Act Now

An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-42115 CRITICAL Act Now

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Topease
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-36328 HIGH This Week

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell SQLi Emc Streaming Data Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-42123 HIGH This Week

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Topease
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-3725 HIGH PATCH This Week

Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-4026 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-43771 HIGH This Week

Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-43296 HIGH This Week

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Supportcenter Plus
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-40101 HIGH This Week

An issue was discovered in Concrete CMS before 8.5.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-38967 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection Mq Appliance
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-36329 MEDIUM This Month

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Streaming Data Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-36326 MEDIUM This Month

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Streaming Data Platform
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31787 MEDIUM This Month

The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ats2819P Firmware Ats2815 Firmware Ats2819 Firmware Ats2819S Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-44230 MEDIUM This Month

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Burp Suite
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22095 MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-43998 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-42120 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-43295 MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2021-43294 MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-39000 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-38999 MEDIUM PATCH This Month

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38958 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42119 MEDIUM This Month

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Topease
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42118 MEDIUM This Month

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Topease
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-42117 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Topease
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-36327 MEDIUM This Month

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell SSRF Emc Streaming Data Platform
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-25987 MEDIUM PATCH This Month

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hexo
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-42122 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-42121 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-42116 MEDIUM This Month

Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Topease
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy