Skip to main content
CVE-2020-36183 HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Cloud Backup Service Level Manager +42
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-3029 CRITICAL Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Ecs Imaging
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-23242 MEDIUM POC This Month

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mercury X18G Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-23241 MEDIUM POC THREAT This Month

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Mercury X18G Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
13.4%
CVE-2021-3011 MEDIUM POC This Month

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure K13 K21 K40 +42
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy