Skip to main content
CVE-2021-24846 HIGH POC This Week

The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Ni Woocommerce Custom Order Status
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24750 HIGH POC PATCH THREAT This Week

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Visitor Statistics
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
38.3%
CVE-2021-24739 HIGH POC This Week

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Logo Carousel
NVD WPScan
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-45290 HIGH POC This Week

A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binaryen Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-24981 HIGH POC This Week

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Directorist
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-44207 HIGH KEV THREAT Act Now

Acclaim USAHERDS livestock management system through version 7.4.0.1 uses hard-coded credentials, enabling unauthorized access to animal disease tracking data used by US state agricultural agencies.

NVD GitHub
CVSS 3.1
8.1
EPSS
9.1%
CVE-2021-27449 HIGH This Week

Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Amegaview
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-44874 HIGH This Week

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Systeam Enterprise Resource Planning
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-44860 HIGH This Week

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44859 HIGH This Week

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44423 HIGH This Week

An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Explorer
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-44422 HIGH This Week

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-27445 HIGH This Week

Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amegaview
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-45450 HIGH This Week

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Mbed Tls Fedora
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-44877 HIGH This Week

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systeam Enterprise Resource Planning
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43839 HIGH PATCH This Week

Cronos is a commercial implementation of a blockchain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cronos Ethermint Evmos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-36350 HIGH PATCH This Week

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Dell Authentication Bypass Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45451 HIGH PATCH This Week

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Mbed Tls Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-36337 HIGH PATCH This Week

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-36316 HIGH PATCH This Week

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Dell Privilege Escalation Emc Avamar Server
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy