Skip to main content
CVE-2021-27877 CRITICAL POC KEV THREAT Emergency

An issue was discovered in Veritas Backup Exec before 21.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Exec
NVD
CVSS 3.1
9.8
EPSS
64.9%
CVE-2021-3342 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-26703 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-26476 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-25914 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Object Collider
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-25833 CRITICAL POC THREAT Act Now

A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
43.5%
CVE-2021-25832 CRITICAL POC THREAT Act Now

A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
12.6%
CVE-2021-25831 CRITICAL POC THREAT Act Now

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
11.5%
CVE-2021-25830 CRITICAL POC THREAT Act Now

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
11.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy