Skip to main content
CVE-2021-21972 CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal VMware Cloud Foundation Vcenter Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2021-1388 CRITICAL Act Now

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Aci Multi Site Orchestrator Application Policy Infrastructure Controller
NVD
CVSS 3.1
10.0
EPSS
14.4%
CVE-2021-1393 CRITICAL Act Now

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Services Engine Application Policy Infrastructure Controller
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-22667 CRITICAL Act Now

BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Bb Eswgp506 2Sfp T Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-20658 CRITICAL Act Now

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-1361 CRITICAL Act Now

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Information Disclosure Nx Os
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy