Skip to main content
CVE-2021-45092 CRITICAL POC THREAT Act Now

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Thinfinity Virtualui
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
40.0%
CVE-2021-43837 CRITICAL POC PATCH Act Now

vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Hashicorp RCE Vault Cli
NVD GitHub
CVSS 3.1
9.1
EPSS
5.0%
CVE-2021-45099 HIGH POC This Week

The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ssh Web Terminal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-42912 HIGH Act Now

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.8% and no vendor patch available.

Command Injection An5506 01 A Firmware An5506 01 B Firmware An5506 02 B Firmware An5506 04 B Firmware +2
NVD VulDB
CVSS 3.1
8.8
EPSS
13.8%
CVE-2021-44315 HIGH POC This Week

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Bus Pass Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-38244 HIGH POC This Week

A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cbioportal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-45098 HIGH POC PATCH This Week

An issue was discovered in Suricata before 6.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Suricata Authentication Bypass Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-42550 MEDIUM POC PATCH This Month

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Logback Satellite Cloud Manager +3
NVD GitHub
CVSS 3.1
6.6
EPSS
4.4%
CVE-2021-4123 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-4124 MEDIUM POC PATCH This Month

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Janus
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-4121 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-45088 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-45087 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-45086 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-45085 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-43834 CRITICAL Act Now

eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-44317 MEDIUM POC This Month

In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bus Pass Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41262 HIGH PATCH This Week

Galette is a membership management web application built for non profit organizations and released under GPLv3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Galette
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-41962 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vehicle Service Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-41260 HIGH PATCH This Week

Galette is a membership management web application built for non profit organizations and released under GPLv3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Galette
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-45102 HIGH This Week

An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Htcondor
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-43833 HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-45101 HIGH This Week

An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Htcondor
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-3960 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Gravityzone
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-41028 HIGH This Week

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Forticlient Forticlient Endpoint Management Server
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-37262 HIGH PATCH This Week

JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jfinal Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-3959 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-45100 HIGH PATCH This Week

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Microsoft Information Disclosure Ksmbd H410c Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-44023 HIGH This Week

A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2021 Internet Security 2021 Maximum Security 2021 +1
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-26800 MEDIUM This Month

Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP User Management System In Php Stored Procedure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-43812 MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Nextjs Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-3179 MEDIUM This Month

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Gglocker
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-45097 MEDIUM This Month

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Knime Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-45095 MEDIUM PATCH This Month

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-41261 MEDIUM PATCH This Month

Galette is a membership management web application built for non profit organizations and released under GPLv3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Galette
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-40835 MEDIUM This Month

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-45096 MEDIUM This Month

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Knime Analytics Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy