Skip to main content
CVE-2021-27362 CRITICAL POC Act Now

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure Wpg
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-26809 CRITICAL POC Act Now

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental Portal
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-25779 CRITICAL POC Act Now

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-22855 CRITICAL Act Now

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hr Portal
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy