Skip to main content
CVE-2021-45232 CRITICAL POC THREAT Act Now

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD
CVSS 3.1
9.8
EPSS
85.9%
CVE-2021-43845 CRITICAL POC PATCH Act Now

PJSIP is a free and open source multimedia communication library. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
3.7%
CVE-2021-45896 HIGH POC This Week

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nokia Fastmile Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-43857 HIGH POC PATCH THREAT This Week

Gerapy is a distributed crawler management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Gerapy
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
55.3%
CVE-2021-45337 HIGH POC This Week

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-45336 HIGH POC This Week

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-45335 HIGH POC This Week

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-45339 HIGH POC This Week

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Antivirus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-45338 HIGH POC This Week

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-4173 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-45884 HIGH POC PATCH This Week

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brave
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-24753 HIGH POC PATCH This Week

The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Rich Review
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24997 MEDIUM POC This Month

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Authentication Bypass Wp Guppy
NVD GitHub WPScan
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-24984 MEDIUM POC This Month

The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpfront User Role Editor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24980 MEDIUM POC This Month

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gwolle Guestbook
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24979 MEDIUM POC PATCH This Month

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Paid Memberships Pro
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-24967 MEDIUM POC This Month

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Lead Form Elementor Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24797 MEDIUM POC This Month

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tickera
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-45890 CRITICAL PATCH Act Now

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Authguard
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-45709 CRITICAL Act Now

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Crypto2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-45707 CRITICAL PATCH Act Now

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Nix
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-45706 CRITICAL PATCH Act Now

An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zeroize Derive
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45705 CRITICAL PATCH Act Now

An issue was discovered in the nanorand crate before 0.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nanorand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45703 CRITICAL PATCH Act Now

An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tectonic Xdv
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45701 CRITICAL PATCH Act Now

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Tremor Script
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45698 CRITICAL PATCH Act Now

An issue was discovered in the ckb crate before 0.40.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ckb
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45697 CRITICAL PATCH Act Now

An issue was discovered in the molecule crate before 0.7.2 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Molecule
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-45696 CRITICAL PATCH Act Now

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sha2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-45695 CRITICAL Act Now

An issue was discovered in the mopa crate through 2021-06-01 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mopa
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-45693 CRITICAL Act Now

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Messagepack Rs
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45692 CRITICAL Act Now

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Messagepack Rs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-45691 CRITICAL Act Now

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Messagepack Rs
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45690 CRITICAL Act Now

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Messagepack Rs
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45689 CRITICAL Act Now

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gfx Auxil
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45688 CRITICAL PATCH Act Now

An issue was discovered in the ash crate before 0.33.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ash
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-45687 CRITICAL PATCH Act Now

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Raw Cpuid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45686 CRITICAL PATCH Act Now

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Csv Sniffer
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45685 CRITICAL PATCH Act Now

An issue was discovered in the columnar crate through 2021-01-07 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Columnar
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45684 CRITICAL PATCH Act Now

An issue was discovered in the flumedb crate through 2021-01-07 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flumedb
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45683 CRITICAL Act Now

An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Binjs Io
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45682 CRITICAL Act Now

An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bronzedb Protocol
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45906 MEDIUM POC This Month

OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwrt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-45905 MEDIUM POC This Month

OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwrt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-45904 MEDIUM POC This Month

OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwrt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-43856 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-43855 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-24988 MEDIUM POC This Month

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Wp Rss Aggregator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-24969 MEDIUM POC This Month

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Download Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43858 HIGH PATCH This Week

MinIO is a Kubernetes native application for cloud storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Kubernetes Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
35.5%
CVE-2021-33017 HIGH This Week

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellibridge Ec40 Firmware Intellibridge Ec80 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy