Skip to main content
CVE-2021-24848 HIGH POC This Week

The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mediamatic
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-40857 HIGH POC This Week

Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Compact 5500R Ip Firmware Compact 5200R Ip Firmware Compact 5000R Ip Firmware Compact 4000 Ip Firmware +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-24945 HIGH POC This Week

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Information Disclosure Like Button Rating
NVD WPScan
CVSS 3.1
8.0
EPSS
0.6%
CVE-2021-44965 HIGH POC This Week

Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Employee Record Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-40856 HIGH POC THREAT This Week

Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Comfortel 3600 Ip Firmware Comfortel 2600 Ip Firmware Comfortel 1400 Ip Firmware
NVD
CVSS 3.1
7.5
EPSS
51.1%
CVE-2021-24970 HIGH POC This Week

The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal All In One Video Gallery
NVD WPScan
CVSS 3.1
7.2
EPSS
5.9%
CVE-2021-24861 HIGH POC This Week

The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Quotes Collection
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24747 HIGH POC PATCH This Week

The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Seo Booster
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-44154 HIGH POC PATCH This Week

An issue was discovered in Reprise RLM 14.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Reprise License Manager
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-44153 HIGH POC PATCH This Week

An issue was discovered in Reprise RLM 14.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Reprise License Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-39937 HIGH This Week

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-39057 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-43814 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-39050 HIGH This Week

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39049 HIGH This Week

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-43983 HIGH This Week

WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-41272 HIGH PATCH This Week

Besu is an Ethereum client written in Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Besu
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-43822 HIGH PATCH This Week

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Jackalope Doctrine Dbal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43801 HIGH PATCH This Week

Mercurius is a GraphQL adapter for Fastify. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mercurius
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-39064 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-39058 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-39053 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-38947 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Copy Data Management
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-40008 HIGH This Week

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudengine 7800 Firmware Cloudengine 6800 Firmware Cloudengine 5800 Firmware Cloudengine 12800 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-39935 HIGH KEV THREAT This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
7.5
EPSS
35.6%
CVE-2021-20865 HIGH This Week

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Custom Fields
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-44151 HIGH This Week

An issue was discovered in Reprise RLM 14.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Reprise License Manager
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-43818 HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
2.5%
CVE-2021-39944 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy