Skip to main content
CVE-2021-21513 CRITICAL POC Act Now

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Microsoft Authentication Bypass Openmanage Server Administrator
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-21321 CRITICAL PATCH Act Now

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Fastify Reply From
NVD GitHub
CVSS 3.1
10.0
EPSS
1.8%
CVE-2021-21322 CRITICAL PATCH Act Now

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Fastify Http Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-27730 CRITICAL Act Now

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-27804 CRITICAL Act Now

JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libjxl
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-25309 CRITICAL Act Now

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dx600A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-27886 CRITICAL PATCH Act Now

rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Docker Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
45.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy