Skip to main content
CVE-2021-22502 CRITICAL POC KEV THREAT Emergency

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Operation Bridge Reporter
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2021-25913 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Set Or Get
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-26541 CRITICAL POC PATCH Act Now

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Gitlog
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2021-26754 CRITICAL POC Act Now

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wpdatatables
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2021-26530 CRITICAL POC Act Now

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow OpenSSL Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26529 CRITICAL POC Act Now

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26528 CRITICAL POC Act Now

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-21304 CRITICAL PATCH Act Now

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dynamoose
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy