Skip to main content
CVE-2021-31632 CRITICAL POC Act Now

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE B2Evolution Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-36567 CRITICAL POC Act Now

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-36564 CRITICAL POC PATCH Act Now

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-43936 CRITICAL POC PATCH THREAT Act Now

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Webhmi Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.8%
CVE-2021-24943 CRITICAL POC Act Now

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Registrations For The Events Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-24931 CRITICAL POC THREAT Act Now

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Secure Copy Content Protection And Content Locking
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
78.8%
CVE-2021-24866 CRITICAL POC Act Now

The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Data Access
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-43044 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43042 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-43036 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PostgreSQL Brute Force Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43035 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL RCE Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-43033 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-31631 HIGH POC This Week

b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF B2Evolution Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-40313 HIGH POC This Week

Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43469 HIGH POC This Week

VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wr N300U Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43041 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unitrends Backup
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43040 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Unitrends Backup
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43038 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PostgreSQL Unitrends Backup
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-24914 HIGH POC This Week

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Tawk To Live Chat
NVD WPScan
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-4069 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-43037 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Unitrends Backup
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-43034 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apache Privilege Escalation RCE Unitrends Backup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22170 HIGH POC This Week

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-24917 HIGH POC THREAT This Week

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Authentication Bypass Wps Hide Login
NVD WPScan
CVSS 3.1
7.5
EPSS
71.5%
CVE-2021-43471 HIGH POC This Week

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Brute Force Lbp223Dw Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-4075 HIGH POC PATCH This Week

snipe-it is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Snipe It
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-43043 MEDIUM POC This Month

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Unitrends Backup
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-43039 MEDIUM POC This Month

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unitrends Backup
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-25041 MEDIUM POC PATCH This Month

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24939 MEDIUM POC This Month

The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginwp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24938 MEDIUM POC This Month

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Currency Switcher
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24935 MEDIUM POC PATCH This Month

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google WordPress XSS Wp Google Fonts
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24924 MEDIUM POC This Month

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Log
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-44682 CRITICAL Act Now

An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44681 CRITICAL Act Now

An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44680 CRITICAL Act Now

An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44679 CRITICAL Act Now

An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44678 CRITICAL Act Now

An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44677 CRITICAL Act Now

An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-40091 CRITICAL Act Now

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Squaredup
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43931 CRITICAL PATCH Act Now

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Webhmi Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-39890 CRITICAL Act Now

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-24930 MEDIUM POC This Month

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bookly
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24759 MEDIUM POC This Month

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pdf Js Viewer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43784 MEDIUM POC PATCH This Month

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Runc Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
1.7%
CVE-2021-35242 HIGH This Week

Serv-U server responds with valid CSRFToken when the request contains only Session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Serv U
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24718 MEDIUM POC This Month

The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Survey Popup Form Plugin For Wordpress Arforms Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24714 MEDIUM POC This Month

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp All Import
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-43781 MEDIUM POC PATCH This Month

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Invenio Drafts Resources
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-43800 HIGH PATCH This Week

Wiki.js is a wiki app built on Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal Wiki Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy