Skip to main content
CVE-2021-36450 MEDIUM POC THREAT This Month

Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.9%.

XSS Workforce Optimization
NVD VulDB
CVSS 3.1
6.1
EPSS
68.9%
Threat
4.8
CVE-2021-42216 CRITICAL POC PATCH Act Now

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Anonaddy
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-42311 CRITICAL POC PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi Microsoft Defender For Iot
NVD
CVSS 3.1
10.0
EPSS
4.0%
CVE-2021-44350 CRITICAL POC Act Now

SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-4119 CRITICAL POC PATCH THREAT Act Now

bookstack is vulnerable to Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
CVSS 3.1
9.8
EPSS
26.9%
CVE-2021-27856 CRITICAL POC Act Now

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ipvpn Firmware Mpvpn Firmware Warp Firmware
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-36888 CRITICAL POC Act Now

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Image Hover Effects
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-44655 CRITICAL POC Act Now

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Online Pre Owned Used Car Showroom Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-44653 CRITICAL POC Act Now

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Online Magazine Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-43113 CRITICAL POC PATCH Act Now

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Itext Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-41560 CRITICAL POC PATCH THREAT Act Now

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Opencats
NVD GitHub
CVSS 3.1
9.8
EPSS
11.1%
CVE-2021-45017 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Google Catfish Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-44657 HIGH POC PATCH This Week

In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Stackstorm
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-45078 HIGH POC This Week

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Binutils Fedora +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-43518 HIGH POC This Week

Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Teeworlds Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-43326 HIGH POC This Week

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Automox
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-40827 HIGH POC This Week

Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption RCE Clementine
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-40826 HIGH POC This Week

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service RCE Clementine
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-43831 HIGH POC PATCH This Week

Gradio is an open source framework for building interactive machine learning models and demos. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gradio
NVD GitHub
CVSS 3.1
7.7
EPSS
3.8%
CVE-2021-45043 HIGH POC THREAT This Week

HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hd Network Real Time Monitoring System
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
33.1%
CVE-2021-4110 HIGH POC PATCH This Week

mruby is vulnerable to NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Mruby
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-43890 HIGH POC KEV PATCH THREAT This Week

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Microsoft Information Disclosure App Installer
NVD GitHub
CVSS 3.1
7.1
EPSS
10.3%
CVE-2021-40170 MEDIUM POC This Month

An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Securitashome Alarm System Firmware
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-45018 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google PHP XSS Catfish Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44116 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Anchor Cms
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-42313 CRITICAL PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE SQLi Microsoft Defender For Iot
NVD
CVSS 3.1
10.0
EPSS
3.8%
CVE-2021-43935 CRITICAL Act Now

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Welch Allyn Connex Cardio Welch Allyn Diagnostic Cardiology Suite Welch Allyn Rscribe Resting Ecg System Welch Allyn Vision Express Holter Analysis System +3
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-39655 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-39645 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-39644 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-39641 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-0956 CRITICAL Act Now

In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-0889 CRITICAL Act Now

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-43907 CRITICAL PATCH Act Now

Visual Studio Code WSL Extension Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows Subsystem For Linux
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-43899 CRITICAL PATCH Act Now

Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Wireless Display Adapter Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-43882 CRITICAL PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-43225 CRITICAL PATCH Act Now

Bot Framework SDK Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Bot Framework Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-43217 CRITICAL PATCH Act Now

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2021-43215 CRITICAL PATCH Act Now

iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Windows 10 Windows 11 +8
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-43214 CRITICAL PATCH Act Now

Web Media Extensions Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-42310 CRITICAL PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-42945 CRITICAL Act Now

A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-41844 CRITICAL Act Now

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jetengine
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43905 CRITICAL PATCH Act Now

Microsoft Office app Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE 365 Copilot
NVD
CVSS 3.1
9.6
EPSS
2.8%
CVE-2021-4116 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42220 MEDIUM POC PATCH This Month

A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41557 MEDIUM POC This Month

Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Miles Rich Internet Application
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-27858 MEDIUM POC This Month

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ipvpn Firmware Mpvpn Firmware Warp Firmware
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2021-43836 HIGH PATCH This Week

Sulu is an open-source PHP content management system based on the Symfony framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP RCE Path Traversal Sulu
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-43806 HIGH PATCH This Week

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tuleap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy