Skip to main content
CVE-2021-47956 HIGH POC This Week

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2020-37244 HIGH POC This Week

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2020-37243 HIGH POC This Week

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Pricing Table
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2020-37242 HIGH POC This Week

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ultimate Maps
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47954 HIGH POC This Week

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47977 HIGH POC This Week

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2021-47942 HIGH POC PATCH This Week

Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Home Assistant Community Store Hacs
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2020-37245 HIGH POC This Week

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Path Traversal Digital Publications
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2021-47976 HIGH POC This Week

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2020-37227 HIGH POC This Week

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2021-47979 HIGH POC This Week

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47973 HIGH POC This Week

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47972 HIGH POC This Week

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sticky Notes Color Widgets
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47971 HIGH POC This Week

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service My Notes Safe
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47970 HIGH POC This Week

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Macaron Notes Gear Notebook
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47969 HIGH POC This Week

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Color Notes
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2021-47974 HIGH POC This Week

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Vx Search
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2020-37247 HIGH POC This Week

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2020-37232 HIGH POC This Week

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Advanced System Care Service
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2020-37231 HIGH POC This Week

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privacy Drive
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2020-37230 HIGH POC This Week

Syncplify.me Server!. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Syncplify Me Server
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2020-37229 HIGH POC This Week

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Oki Spsv Port Manager
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2021-47980 HIGH POC This Week

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuel Cms
NVD Exploit-DB GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-46728 HIGH PATCH This Week

FIT image signature verification bypass in Das U-Boot before 2026.04 lets an attacker who can supply a Flat Image Tree get tampered boot components accepted as authentic, defeating verified/secure boot. Because the 'hashed-nodes' list is omitted from the computed hash, an attacker can alter which nodes are actually covered by the signature and load unsigned or modified kernels/images. There is no public exploit identified at time of analysis and EPSS is 0.00%, but SSVC rates technical impact as total, reflecting a full compromise of the chain of trust.

Authentication Bypass U Boot
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8657 HIGH PATCH This Week

Prototype pollution in the jsondiffpatch JavaScript library before 0.7.6 allows attackers to modify Object.prototype by supplying crafted delta documents to jsondiffpatch.patch() or JSON Patch documents to the jsonpatch formatter's patch() API. Because attacker-controlled key names and JSON Pointer path segments were used to traverse and mutate objects without filtering __proto__, constructor, or prototype, any application that feeds untrusted diffs into the library can have global object behavior tampered with. A public POC exists in the Snyk advisory and an accompanying gist, but there is no public exploit identified at time of analysis (not on CISA KEV).

Prototype Pollution Information Disclosure Jsondiffpatch
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy