Skip to main content
CVE-2021-45255 CRITICAL POC Act Now

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Video Sharing Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-45253 CRITICAL POC Act Now

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45252 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Forum Discussion System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-24849 CRITICAL POC Act Now

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible
NVD WPScan
CVSS 3.1
9.8
EPSS
8.5%
CVE-2021-4139 CRITICAL POC PATCH Act Now

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2021-24846 HIGH POC This Week

The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Ni Woocommerce Custom Order Status
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24750 HIGH POC PATCH THREAT This Week

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Visitor Statistics
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
38.3%
CVE-2021-24739 HIGH POC This Week

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Logo Carousel
NVD WPScan
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-45290 HIGH POC This Week

A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binaryen Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-24981 HIGH POC This Week

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Directorist
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-44207 HIGH KEV THREAT Act Now

Acclaim USAHERDS livestock management system through version 7.4.0.1 uses hard-coded credentials, enabling unauthorized access to animal disease tracking data used by US state agricultural agencies.

NVD GitHub
CVSS 3.1
8.1
EPSS
9.1%
CVE-2021-24956 MEDIUM POC This Month

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Blog2Social
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-24941 MEDIUM POC This Month

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24907 MEDIUM POC This Month

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Everest Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24578 MEDIUM POC This Month

The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sportspress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-27453 CRITICAL Act Now

Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amegaview
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-27451 CRITICAL Act Now

Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amegaview
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-27447 CRITICAL Act Now

Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Amegaview
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-36336 CRITICAL PATCH Act Now

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Wyse Management Suite
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-45090 CRITICAL Act Now

Stormshield Endpoint Security before 2.1.2 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Endpoint Security
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-44927 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-44926 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44925 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44924 MEDIUM POC This Month

An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44923 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44922 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44921 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44920 MEDIUM POC This Month

An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44919 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44918 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44917 MEDIUM POC This Month

A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gnuplot
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45297 MEDIUM POC This Month

An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45293 MEDIUM POC This Month

A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Binaryen Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-45292 MEDIUM POC This Month

The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45291 MEDIUM POC This Month

The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45289 MEDIUM POC This Month

A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45288 MEDIUM POC This Month

A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-24738 MEDIUM POC This Month

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Carousel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27449 HIGH This Week

Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Amegaview
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-44874 HIGH This Week

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Systeam Enterprise Resource Planning
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-44860 HIGH This Week

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44859 HIGH This Week

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44423 HIGH This Week

An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Explorer
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44422 HIGH This Week

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-27445 HIGH This Week

Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amegaview
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-45450 HIGH This Week

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Mbed Tls Fedora
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-44877 HIGH This Week

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systeam Enterprise Resource Planning
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43839 HIGH PATCH This Week

Cronos is a commercial implementation of a blockchain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cronos Ethermint Evmos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-36350 HIGH PATCH This Week

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Dell Authentication Bypass Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45451 HIGH PATCH This Week

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Mbed Tls Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy