Skip to main content
CVE-2021-21783 CRITICAL POC PATCH Act Now

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Gsoap Communications Diameter Signaling Router Communications Eagle Application Processor Communications Eagle Lnp Application Processor +2
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2021-26715 CRITICAL POC Act Now

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SSRF Information Disclosure Connect
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-27372 CRITICAL Act Now

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xpon Rtl9601D Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-27440 CRITICAL Act Now

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Reason Dr60 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-3466 CRITICAL PATCH Act Now

A flaw was found in libmicrohttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libmicrohttpd Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2021-27193 CRITICAL Act Now

Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vision Pro
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy