|
1
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription par…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47981
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
7.1 |
HIGH
Network
|
-
|
-
|
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log i…
New
|
CWE-89
SQL Injection
|
CVE-2021-47980
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
8.8 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers …
New
|
CWE-22
Path Traversal
|
CVE-2021-47979
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
6.2 |
MEDIUM
Local
|
-
|
-
|
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send req…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2021-47978
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f…
New
|
CWE-22
Path Traversal
|
CVE-2021-47977
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
8.8 |
HIGH
Network
|
-
|
-
|
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can…
New
|
CWE-352
Origin Validation Error
|
CVE-2021-47976
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
7.2 |
HIGH
Network
|
-
|
-
|
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit PO…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47975
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
7.8 |
HIGH
Local
|
-
|
-
|
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-47974
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
7.5 |
HIGH
Network
|
-
|
-
|
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47973
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
7.5 |
HIGH
Network
|
-
|
-
|
Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47972
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
