Skip to main content
CVE-2021-27984 HIGH POC This Week

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Pluck
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-31745 HIGH POC This Week

Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Authentication Bypass Pluck
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-37188 HIGH This Week

An issue was discovered on Digi TransPort devices through 2021-07-21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Transport Dr64 Firmware Transport Vc74 Firmware Transport Wr11 Firmware Transport Wr11 Xt Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-26340 HIGH This Week

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7001 Firmware Epyc 7232P Firmware Epyc 7251 Firmware Epyc 7261 Firmware +101
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-41242 HIGH PATCH This Week

OpenOlat is a web-basedlearning management system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Openolat
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-37935 HIGH This Week

An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huntflow Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-37189 HIGH This Week

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Transport Wr11 Firmware Transport Wr11 Xt Firmware Transport Wr21 Firmware Transport Wr31 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-43803 HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
44.8%
CVE-2021-29214 HIGH PATCH This Week

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Storeserv Management Console
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy