Skip to main content
CVE-2021-47936 CRITICAL POC Act Now

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass RCE
NVD Exploit-DB GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2021-47933 CRITICAL POC Act Now

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Authentication Bypass WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2021-47940 CRITICAL POC Act Now

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass WordPress File Upload
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2021-47932 CRITICAL POC Act Now

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2021-47923 CRITICAL POC Act Now

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opencart
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2021-47928 HIGH POC This Week

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Extension Tmd Vendor System
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47941 HIGH POC This Week

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47930 HIGH POC This Week

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Balbooa Joomla Forms Builder
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2021-47939 HIGH POC This Week

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE
NVD Exploit-DB GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2021-47937 HIGH POC This Week

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2021-47935 HIGH POC PATCH GHSA This Week

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Sentry
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2021-47938 HIGH POC This Week

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2021-47943 HIGH POC This Week

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2021-47949 HIGH POC This Week

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cyberpanel
NVD Exploit-DB GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2022-50944 HIGH POC This Week

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP
NVD Exploit-DB GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47944 HIGH POC This Week

memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Denial Of Service
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47945 HIGH POC This Week

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Argus Surveillance Dvr
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-45186 HIGH POC PATCH This Week

Denial of service in libexpat before 2.8.1 lets remote attackers exhaust CPU by submitting moderately sized crafted XML whose elements contain many colliding attribute names, triggering quadratic-time behavior in the parser's duplicate-attribute detection. Affects the widely embedded Expat C XML parsing library; publicly available exploit code exists (a proof-of-concept gist), though EPSS is 0.00% and the issue is not in CISA KEV, indicating no observed in-the-wild exploitation. CVSS 7.5 reflects availability-only impact with no confidentiality or integrity exposure.

Denial Of Service Libexpat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8234 HIGH POC This Week

Stack-based buffer overflow in ipTIME A8004T router firmware 14.18.2 enables authenticated remote attackers to achieve complete system compromise via malformed WiFi configuration requests. The vulnerability exists in the formWifiBasicSet function's handling of the security_5g parameter. Public exploit code (GitHub POC) increases exploitation risk, though EPSS data and active exploitation status are not available. Vendor (EFM Networks) has not responded to disclosure or released a patch.

Stack Overflow Buffer Overflow Iptime A8004T
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2021-47946 MEDIUM POC This Month

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Authentication Bypass Opencart
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2022-50956 MEDIUM POC This Month

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2022-50954 MEDIUM POC This Month

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress LFI PHP Path Traversal
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8244 MEDIUM POC This Month

Improper authentication in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated remote attackers to bypass login authentication by manipulating the clientVersion argument in the Login RMI Interface component. The vulnerability enables unauthorized access to the ERP system without valid credentials. Publicly available exploit code exists and the vendor has not responded to disclosure attempts.

Authentication Bypass Canias Erp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8226 MEDIUM POC This Month

Denial of service vulnerability in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the service by triggering improper exception handling in the ogs_pcc_rule_install_flow_from_media function within the PCC rule processing library. Publicly available exploit code exists, and the project maintainers have not responded to the early notification despite issue tracking.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8225 MEDIUM POC This Month

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the Policy Control Function (PCF) service by sending crafted requests to the delete endpoint in the SM policy control handler (pcf_npcf_smpolicycontrol_handle_delete). The vulnerability has a publicly available proof of concept and impacts the availability of 5G network policy enforcement, though the vendor has not yet released a patch despite early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8241 MEDIUM POC This Month

Improper authorization in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated remote attackers to obtain sensitive information via the iasGetServerInfoEvent function in the RMI Interface. The vulnerability has a publicly available exploit and CVSS score of 5.3 (medium severity) with confidentiality impact but no integrity or availability impact. The vendor did not respond to early disclosure.

Authentication Bypass Canias Erp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2021-47953 MEDIUM POC This Month

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Opencart
NVD Exploit-DB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2022-50955 MEDIUM POC This Month

WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP CSRF
NVD Exploit-DB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2022-50943 MEDIUM POC This Month

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2022-50959 MEDIUM POC This Month

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2022-50958 MEDIUM POC This Month

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2022-50957 MEDIUM POC This Month

Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avatar Uploader
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-47931 MEDIUM POC This Month

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Exponent Cms
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-47924 MEDIUM POC This Month

Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP RCE
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50945 MEDIUM POC This Month

WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50969 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50968 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50967 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50966 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50965 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50964 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50963 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50962 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47947 MEDIUM POC This Month

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47929 MEDIUM POC This Month

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filterable Portfolio Gallery
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47927 MEDIUM POC This Month

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47925 MEDIUM POC This Month

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Cmdbuild
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47922 MEDIUM POC This Month

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slider By Soliloquy
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47910 MEDIUM POC This Month

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accesspress Social Icons
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50947 MEDIUM POC This Month

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy