Skip to main content
CVE-2021-28237 CRITICAL POC Act Now

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libredwg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43679 CRITICAL POC Act Now

ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecshop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-26777 CRITICAL POC Act Now

Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Compact Dc S Basic Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-28236 HIGH POC This Week

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-25784 HIGH POC This Week

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-25783 HIGH POC This Week

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-44518 MEDIUM POC This Month

An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Egeetouch Manager
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-3944 MEDIUM POC PATCH This Month

bookstack is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Bookstack
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-43682 MEDIUM POC This Month

thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinkphp Bjyblog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43686 MEDIUM POC This Month

nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Nzedb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43683 MEDIUM POC This Month

pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pictshare
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43681 MEDIUM POC This Month

SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sakurapanel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23264 CRITICAL PATCH Act Now

Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-25785 MEDIUM POC This Month

Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Taocms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-44227 HIGH PATCH This Week

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mailman Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-43327 MEDIUM POC This Month

An issue was discovered on Renesas RX65 and RX65N devices. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rx65N Firmware Rx65 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-40334 HIGH This Week

Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fox615 Firmware Xcm20 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43795 HIGH PATCH This Week

Armeria is an open source microservice framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Armeria
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-23263 HIGH This Week

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-23262 HIGH This Week

Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-23259 HIGH This Week

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-23258 HIGH This Week

Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-40333 HIGH This Week

Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Authentication Bypass Fox615 Firmware Xcm20 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-44050 MEDIUM This Month

CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Ca Network Flow Analysis
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-23260 MEDIUM This Month

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crafter Cms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-43791 MEDIUM PATCH This Month

Zulip is an open source group chat application that combines real-time chat with threaded conversations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zulip
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-23261 MEDIUM This Month

Authenticated administrators may override the system configuration file and cause a denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Crafter Cms
NVD
CVSS 3.1
4.9
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy