Skip to main content
CVE-2021-31631 HIGH POC This Week

b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF B2Evolution Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-40313 HIGH POC This Week

Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43469 HIGH POC This Week

VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wr N300U Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43041 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unitrends Backup
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43040 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Unitrends Backup
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43038 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PostgreSQL Unitrends Backup
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-24914 HIGH POC This Week

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Tawk To Live Chat
NVD WPScan
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-4069 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-43037 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Unitrends Backup
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-43034 HIGH POC This Week

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apache Privilege Escalation RCE Unitrends Backup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22170 HIGH POC This Week

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-24917 HIGH POC THREAT This Week

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Authentication Bypass Wps Hide Login
NVD WPScan
CVSS 3.1
7.5
EPSS
71.5%
CVE-2021-43471 HIGH POC This Week

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Brute Force Lbp223Dw Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-4075 HIGH POC PATCH This Week

snipe-it is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Snipe It
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-35242 HIGH This Week

Serv-U server responds with valid CSRFToken when the request contains only Session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Serv U
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-43800 HIGH PATCH This Week

Wiki.js is a wiki app built on Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal Wiki Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-36198 HIGH This Week

Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kantech Entrapass
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy