Skip to main content
CVE-2021-45807 CRITICAL POC Act Now

jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jpress
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-45806 HIGH POC This Week

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jpress
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-45422 MEDIUM POC This Month

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reprise License Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-40327 MEDIUM PATCH This Month

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Trusted Firmware M
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy