Skip to main content
CVE-2021-3378 CRITICAL POC THREAT Emergency

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fortilogger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.5%
CVE-2021-23330 CRITICAL POC Act Now

All versions of package launchpad are vulnerable to Command Injection via stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Launchpad
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-21276 CRITICAL POC PATCH Act Now

Polr is an open source URL shortener. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Authentication Bypass Polr
NVD GitHub Exploit-DB
CVSS 3.1
9.3
EPSS
7.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy