Recent April 2021

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Illustrating how these categories are assigned shows which software types are affected most.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine whether a landscape is homogeneous, or to spot the most important hotspots in a heterogeneous landscape.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These can be distinguished into multiple forms and levels of remediation, each of which influences risk differently.

Exploitability

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects may decrease exploit prices over time; under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/12/2021 | 5.5 | 5.5 | Fatek Automation WinProladder out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.50 | CVE-2021-27486 |
| 04/12/2021 | 3.5 | 3.5 | SiCKRAGE Quicksearch cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.23 | CVE-2021-25926 |
| 04/12/2021 | 3.5 | 3.5 | SiCKRAGE cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.07 | CVE-2021-25925 |
| 04/12/2021 | 3.5 | 3.5 | Patreon Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.18 | CVE-2021-24231 |
| 04/12/2021 | 3.5 | 3.5 | Patreon Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.91 | CVE-2021-24230 |
| 04/12/2021 | 3.5 | 3.5 | Patreon Plugin AJAX Action patreon_save_attachment_patreon_level cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.70 | CVE-2021-24229 |
| 04/12/2021 | 3.5 | 3.5 | Patreon Plugin Login Form wp-login.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.75 | CVE-2021-24228 |
| 04/12/2021 | 4.3 | 4.3 | Patreon Plugin wp-config.php information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.60 | CVE-2021-24227 |
| 04/12/2021 | 5.3 | 5.3 | AccessAlly Plugin product-shortcode.php information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.97 | CVE-2021-24226 |
| 04/12/2021 | 3.5 | 3.5 | Advanced Booking Calendar Plugin GET Parameter cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.02 | CVE-2021-24225 |
| 04/12/2021 | 6.3 | 6.3 | Easy Form Builder Plugin AJAX Action EFBP_verify_upload_file unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.76 | CVE-2021-24224 |
| 04/12/2021 | 4.6 | 4.6 | N5 Upload Form Plugin unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.97 | CVE-2021-24223 |
| 04/12/2021 | 7.3 | 7.3 | WP-Curriculo Vitae Free Plugin Profile Picture unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.92 | CVE-2021-24222 |
| 04/12/2021 | 7.3 | 7.3 | Quiz And Survey Master Plugin sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.92 | CVE-2021-24221 |
| 04/12/2021 | 6.3 | 6.0 | Thrive Legacy Rise Theme REST API Endpoint unrestricted upload | $0-$5k | $0-$5k | High | Official Fix | 1.97 | CVE-2021-24220 |
| 04/12/2021 | 5.5 | 5.3 | Thrive Optimize Plugin REST API access control | $0-$5k | $0-$5k | High | Official Fix | 2.02 | CVE-2021-24219 |
| 04/12/2021 | 3.5 | 3.5 | Facebook for WordPress Plugin AJAX Action wp_ajax_delete_fbe_settings cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.24 | CVE-2021-24218 |
| 04/12/2021 | 6.3 | 6.3 | Facebook for WordPress Plugin Function run_action deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.13 | CVE-2021-24217 |
| 04/12/2021 | 6.3 | 6.3 | Controlled Admin Access Plugin customization.php access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.23 | CVE-2021-24215 |
| 04/12/2021 | 3.5 | 3.5 | GiveWP cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.92 | CVE-2021-24213 |
| 04/12/2021 | 5.0 | 5.0 | wpDataTables sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.13 | CVE-2021-24200 |
| 04/12/2021 | 6.3 | 6.3 | wpDataTables sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.86 | CVE-2021-24199 |
| 04/12/2021 | 5.5 | 5.5 | wpDataTables access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.97 | CVE-2021-24198 |
| 04/12/2021 | 5.5 | 5.5 | wpDataTables access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.92 | CVE-2021-24197 |
| 04/12/2021 | 4.3 | 4.3 | Fortinet FortiADCManager/FortiADC log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.08 | CVE-2021-24024 |
| 04/12/2021 | 5.3 | 5.3 | chrono-node Date String denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.97 | CVE-2021-23371 |
| 04/12/2021 | 5.3 | 5.3 | swiper denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.51 | CVE-2021-23370 |
| 04/12/2021 | 5.6 | 5.6 | handlebars Template Compile Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.35 | CVE-2021-23369 |
| 04/12/2021 | 5.3 | 5.3 | postcss Map Parser incorrect regex | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.36 | CVE-2021-23368 |
| 04/12/2021 | 5.0 | 5.0 | GitLab JWT Token path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.36 | CVE-2021-22190 |
| 04/12/2021 | 5.5 | 5.2 | Monitorr _register.php authorization | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 3.51 | CVE-2020-28872 |
| 04/12/2021 | 4.3 | 4.3 | Fortinet FortiWeb Web Vulnerability Scan Profile information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.72 | CVE-2020-15942 |
| 04/12/2021 | 6.3 | 6.0 | Fortinet FortiOS/FortiProxy HTTP Daemon stack-based overflow | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 3.73 | CVE-2019-17656 |
| 04/12/2021 | 3.5 | 3.5 | Intelbras Tip 200 cgiServer.exx information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.63 | CVE-2020-24285 |
| 04/12/2021 | 5.5 | 5.5 | D-Link DIR-802 A1 UPnP command injection | $5k-$25k | $5k-$25k | Not Defined | Workaround | 3.63 | CVE-2021-29379 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library ZIP integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.20 | CVE-2021-28879 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library __iterator_get_unchecked memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.99 | CVE-2021-28878 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library __iterator_get_unchecked memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.15 | CVE-2021-28877 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library __iterator_get_unchecked memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.10 | CVE-2021-28876 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library read_to_end buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.79 | CVE-2021-28875 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library make_contiguous use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.90 | CVE-2020-36318 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library UTF-8 Encoding retain memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.63 | CVE-2020-36317 |
| 04/12/2021 | 5.5 | 5.5 | Standard Library Comparison sift_down_range memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.58 | CVE-2015-20001 |
| 04/11/2021 | 3.5 | 3.5 | ezXML XML File libezxml.a ezxml_internal_dtd null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.97 | CVE-2021-30485 |
| 04/11/2021 | 6.3 | 6.0 | Valve Steam Source Engine Game buffer overflow | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 3.99 | CVE-2021-30481 |
| 04/10/2021 | 7.8 | 7.8 | SonicWall GMS improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.88 | CVE-2021-20020 |
| 04/10/2021 | 5.0 | 4.7 | Zoom Chat Remote Privilege Escalation | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 3.56 | CVE-2021-30480 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Account PendingIntent improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.78 | CVE-2021-25381 |
| 04/10/2021 | 5.8 | 5.8 | Samsung Bixby Exception Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.34 | CVE-2021-25380 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Gallery Intents information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.24 | CVE-2021-25379 |
