Skip to main content
CVE-2021-28834 CRITICAL POC PATCH Act Now

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kramdown Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-26275 CRITICAL POC Act Now

The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Eslint Fixer
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-25289 CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Pillow
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-26990 CRITICAL PATCH Act Now

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Cloud Manager
NVD
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy