Skip to main content
CVE-2021-44228 CRITICAL POC KEV PATCH THREAT Act Now

Apache Log4j2 contains a critical JNDI injection vulnerability known as 'Log4Shell' that allows unauthenticated remote code execution through crafted log messages, affecting virtually every Java application on Earth and triggering the largest vulnerability remediation effort in history.

NVD GitHub Exploit-DB
CVSS 3.1
10.0
EPSS
94.4%
Threat
9.8
CVE-2021-23700 CRITICAL POC Act Now

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Merge Deep2
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-23663 CRITICAL POC Act Now

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Sey
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-23639 CRITICAL POC PATCH Act Now

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Markdown To Pdf
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2021-23561 CRITICAL POC Act Now

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Comb
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27983 CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Maxsite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-31746 CRITICAL POC Act Now

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Pluck
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-37934 CRITICAL POC Act Now

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Huntflow Enterprise
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-23463 CRITICAL POC PATCH Act Now

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE H2
NVD GitHub
CVSS 3.1
9.1
EPSS
3.3%
CVE-2021-27984 HIGH POC This Week

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Pluck
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-31745 HIGH POC This Week

Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Authentication Bypass Pluck
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-3829 MEDIUM POC PATCH This Month

openwhyd is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Openwhyd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-4084 MEDIUM POC PATCH This Month

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-4081 MEDIUM POC PATCH This Month

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35978 CRITICAL Act Now

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Transport Dr64 Firmware Transport Sr44 Firmware Transport Vc74 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-38917 CRITICAL Act Now

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-37188 HIGH This Week

An issue was discovered on Digi TransPort devices through 2021-07-21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Transport Dr64 Firmware Transport Vc74 Firmware Transport Wr11 Firmware Transport Wr11 Xt Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-26340 HIGH This Week

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7001 Firmware Epyc 7232P Firmware Epyc 7251 Firmware Epyc 7261 Firmware +101
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-4089 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Snipe It
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-4082 MEDIUM POC PATCH This Month

pimcore is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pimcore
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-41242 HIGH PATCH This Week

OpenOlat is a web-basedlearning management system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Openolat
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-37935 HIGH This Week

An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huntflow Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-37189 HIGH This Week

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Transport Wr11 Firmware Transport Wr11 Xt Firmware Transport Wr21 Firmware Transport Wr31 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-43803 HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
44.8%
CVE-2021-29214 HIGH PATCH This Week

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Storeserv Management Console
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-38937 MEDIUM This Month

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Powervm Hypervisor
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37187 MEDIUM This Month

An issue was discovered on Digi TransPort devices through 2021-07-21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Transport Dr64 Firmware Transport Vc74 Firmware Transport Wr11 Firmware Transport Wr11 Xt Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-36911 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Comment Engine Pro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-31747 MEDIUM This Month

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Information Disclosure Pluck
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2021-43815 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-43813 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
57.5%
CVE-2021-40834 MEDIUM This Month

A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Safe
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy