Skip to main content
CVE-2021-45046 CRITICAL POC KEV PATCH THREAT Act Now

Apache Log4j2 contains an incomplete fix for Log4Shell (CVE-2021-44228) that allows attackers to bypass the initial patch through Thread Context Map (MDC) input data in non-default configurations, enabling RCE and DoS.

NVD
CVSS 3.1
9.0
EPSS
94.3%
Threat
9.6
CVE-2021-4104 HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache Log4J Fedora +44
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
72.2%
CVE-2021-40883 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-44949 CRITICAL POC Act Now

glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45014 CRITICAL POC Act Now

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45015 CRITICAL POC Act Now

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Taocms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-44935 CRITICAL POC Act Now

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Glfusion
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2021-43829 HIGH POC PATCH THREAT This Week

PatrOwl is a free and open-source solution for orchestrating Security Operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Patrowlmanager
NVD GitHub
CVSS 3.1
8.8
EPSS
59.2%
CVE-2021-3376 HIGH POC This Week

An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-4073 HIGH POC PATCH This Week

The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

WordPress Authentication Bypass Registrationmagic
NVD
CVSS 3.1
8.1
EPSS
7.0%
CVE-2021-43821 HIGH POC PATCH This Week

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Opencast
NVD GitHub
CVSS 3.1
7.7
EPSS
2.0%
CVE-2021-43828 HIGH POC This Week

PatrOwl is a free and open-source solution for orchestrating Security Operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Patrowlmanager
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-39312 HIGH POC THREAT This Week

The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP True Ranker
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
77.9%
CVE-2021-43807 MEDIUM POC PATCH This Month

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-4108 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39183 MEDIUM POC PATCH This Month

Owncast is an open source, self-hosted live video streaming and chat server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Owncast
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-40882 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-42063 MEDIUM POC THREAT This Month

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP Knowledge Warehouse
NVD
CVSS 3.1
6.1
EPSS
22.3%
CVE-2021-4107 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-42050 MEDIUM POC This Month

An issue was discovered in AbanteCart before 1.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Abantecart
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-3831 MEDIUM POC PATCH This Month

gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Gnuboard5
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-44042 CRITICAL Act Now

An issue was discovered in UiPath Assistant 21.4.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Assistant
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44041 CRITICAL Act Now

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Assistant
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-44231 CRITICAL Act Now

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-42064 CRITICAL Act Now

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Oracle SAP Java Commerce
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44538 CRITICAL PATCH Act Now

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Element Javascript Sdk Olm Schildichat +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-44524 CRITICAL Act Now

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sipass Integrated Siveillance Identity
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-3836 MEDIUM POC PATCH This Month

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

XXE Dbeaver
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-42051 MEDIUM POC This Month

An issue was discovered in AbanteCart before 1.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Abantecart
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-44937 MEDIUM POC This Month

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-44523 CRITICAL Act Now

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sipass Integrated Siveillance Identity
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2021-43830 HIGH PATCH This Week

OpenProject is a web-based project management software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Openproject
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-44233 HIGH This Week

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Access Control
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38182 HIGH This Week

Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kyma
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-44942 MEDIUM POC This Month

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Glfusion
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-34426 HIGH This Week

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Keybase
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38950 HIGH PATCH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Mq For Hpe Nonstop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-4007 HIGH This Week

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Python Privilege Escalation Insight Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44450 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-44449 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44447 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-44446 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44445 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44443 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44442 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44441 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44440 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44439 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-44438 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44437 HIGH This Week

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Jt Open Toolkit Jt Utilities
NVD
CVSS 3.1
7.8
EPSS
0.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy