Skip to main content
CVE-2021-21307 CRITICAL POC PATCH THREAT Act Now

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Authentication Bypass Lucee Server
NVD GitHub
CVSS 3.1
9.8
EPSS
89.2%
CVE-2021-22652 CRITICAL POC THREAT Emergency

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
36.8%
CVE-2021-25689 CRITICAL Act Now

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Pcoip Soft Client
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-22658 CRITICAL Act Now

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2021-21014 CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
4.2%
CVE-2021-21025 CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
3.3%
CVE-2021-21024 CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
2.8%
CVE-2021-21019 CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
9.1
EPSS
3.6%
CVE-2021-21018 CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
4.1%
CVE-2021-21016 CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
4.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy