Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-35485 | The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. | 8.0 | 0.23% | 2026-03-03 | 2026-06-16 |
| CVE-2021-35484 | Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information. | 8.2 | 0.24% | 2026-03-03 | 2026-06-16 |
| CVE-2021-35483 | The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed. | 4.1 | 0.22% | 2026-03-03 | 2026-06-16 |
| CVE-2021-4456 | Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses. The documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is | 6.5 | 0.32% | 2026-02-26 | 2026-06-17 |
| CVE-2021-35402 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status). | 10.0 | 0.95% | 2026-02-20 | 2026-06-16 |
| CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure. | 1.8 | 0.15% | 2026-02-10 | 2026-06-16 |
| CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. | 7.1 | 0.15% | 2026-02-10 | 2026-06-16 |
| CVE-2021-47921 | Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths. | 7.1 | 0.67% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47920 | WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects. | 4.8 | 0.26% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47919 | Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks. | 5.1 | 0.29% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47918 | Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | 8.6 | 0.51% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47917 | Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation. | 5.1 | 0.29% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47916 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-02-01 | 2026-02-01 |
| CVE-2021-47915 | PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | 8.6 | 0.53% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47914 | PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. | 5.1 | 0.30% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47913 | PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation. | 5.1 | 0.22% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47912 | PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions. | 5.1 | 0.22% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47911 | Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests. | 4.8 | 0.17% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47909 | Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system. | 8.6 | 0.32% | 2026-02-01 | 2026-06-17 |
| CVE-2021-47908 | Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions. | 5.1 | 0.30% | 2026-02-01 | 2026-06-17 |