Skip to main content
CVE-2021-23758 CRITICAL POC PATCH THREAT Act Now

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Ajaxpro 2
NVD GitHub
CVSS 3.1
9.8
EPSS
88.8%
CVE-2021-35414 CRITICAL POC PATCH Act Now

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-35346 CRITICAL POC PATCH Act Now

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-35344 CRITICAL POC PATCH Act Now

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-44352 CRITICAL POC THREAT Act Now

A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.4%
CVE-2021-44347 CRITICAL POC Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43676 CRITICAL POC PATCH Act Now

matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Swoole Php Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-44278 CRITICAL POC Act Now

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Librenms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43674 CRITICAL POC Act Now

ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Thinkup
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-35413 HIGH POC PATCH This Week

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-3980 HIGH POC PATCH This Week

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-43673 MEDIUM POC This Month

dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dzzoffice
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-4000 MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-44349 CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44348 CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43991 MEDIUM POC This Month

The Kentico Xperience CMS version 13.0 - 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Information Disclosure Xperience
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-43415 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Nomad
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-35415 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-23562 HIGH PATCH This Week

This affects the package plupload before 2.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Plupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29756 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-44021 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44020 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44019 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20470 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29716 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20493 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-44022 MEDIUM This Month

A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-43772 MEDIUM This Month

Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Trend Micro Information Disclosure Antivirus Security Internet Security +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38909 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29867 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-29719 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy