Skip to main content
CVE-2020-24913 CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.0%.

SQLi PHP Qcubed
NVD VulDB
CVSS 3.1
9.8
EPSS
44.0%
Threat
4.8
CVE-2020-24914 CRITICAL POC PATCH Act Now

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization PHP Qcubed
NVD VulDB
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-26293 CRITICAL POC Act Now

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora Webmail Pro
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-23344 CRITICAL POC PATCH Act Now

The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2021-25346 CRITICAL Act Now

A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-23128 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-23127 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy