Skip to main content
CVE-2021-3007 CRITICAL POC PATCH THREAT Act Now

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE PHP Laminas Http Zend Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
75.3%
CVE-2021-21495 HIGH POC This Week

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Mk Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3014 MEDIUM POC This Month

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik XSS Routeros
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21494 MEDIUM POC This Month

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mk Auth
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy