Skip to main content
CVE-2021-3304 CRITICAL POC Act Now

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow F St 3686 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-3278 CRITICAL POC THREAT Act Now

Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Local Services Search Engine Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
25.3%
CVE-2021-3199 CRITICAL POC Act Now

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-3190 CRITICAL POC PATCH Act Now

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Command Injection Async Git
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2021-3188 CRITICAL POC Act Now

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phplist
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-25907 CRITICAL POC PATCH Act Now

An issue was discovered in the containers crate before 0.9.11 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Containers
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-25900 CRITICAL POC PATCH Act Now

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Smallvec
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-25905 CRITICAL POC PATCH Act Now

An issue was discovered in the bra crate before 0.1.1 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bra
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-21278 CRITICAL PATCH Act Now

RSSHub is an open source, easy to use, and extensible RSS feed generator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Rsshub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-3286 CRITICAL Act Now

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Spotweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-3193 CRITICAL Act Now

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Apache Information Disclosure Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
9.8%
CVE-2021-3185 CRITICAL PATCH Act Now

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Gst Plugins Bad
NVD
CVSS 3.1
9.8
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy