Skip to main content
CVE-2021-26566 CRITICAL POC Act Now

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Vs960Hd Firmware Skynas Firmware +1
NVD
CVSS 3.1
9.0
EPSS
1.4%
CVE-2021-27198 CRITICAL Act Now

An issue was discovered in Visualware MyConnection Server before v11.1a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload Java Myconnection Server
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2021-26904 CRITICAL Act Now

LMA ISIDA Retriever 5.2 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Retriever
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-21308 CRITICAL PATCH Act Now

PrestaShop is a fully scalable open source e-commerce solution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy