Skip to main content
CVE-2021-44832 MEDIUM PATCH This Month

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has...

RCE Apache Java
NVD VulDB
CVSS 3.1
6.6
EPSS
53.6%
Threat
4.9
CVE-2021-45814 CRITICAL POC Act Now

Nettmp NNT 5.1 is affected by a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Nnt
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2021-45911 HIGH POC This Week

An issue was discovered in gif2apng 1.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gif2Apng Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-45910 HIGH POC This Week

An issue was discovered in gif2apng 1.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gif2Apng Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-45909 HIGH POC This Week

An issue was discovered in gif2apng 1.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gif2Apng Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-45908 HIGH POC This Week

An issue was discovered in gif2apng 1.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gif2Apng
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-45907 HIGH POC This Week

An issue was discovered in gif2apng 1.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gif2Apng
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-45813 MEDIUM POC This Month

SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webcti
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-45812 MEDIUM POC This Month

NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nvrsolo Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-45425 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple XSS Safari Montage
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-37401 CRITICAL Act Now

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Data File Manager Windedit Windldr Microsmart Plus Fc6B Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37400 CRITICAL Act Now

An attacker may obtain the user credentials from the communication between the PLC and the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Data File Manager Windedit Windldr Microsmart Plus Fc6B Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-4179 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-4177 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20873 HIGH This Week

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Yappli
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-35031 HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +11
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-43556 HIGH This Week

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Winproladder
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-43554 HIGH This Week

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Winproladder
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-35032 HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42583 HIGH PATCH This Week

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maddy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-40579 MEDIUM This Month

https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Online Enrollment Management System
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-45903 MEDIUM This Month

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy