Skip to main content
CVE-2021-30149 CRITICAL POC PATCH THREAT Act Now

Composr 10.0.36 allows upload and execution of PHP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Composr
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.1%
CVE-2021-24026 CRITICAL Act Now

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Google Whatsapp +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-27698 CRITICAL Act Now

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27697 CRITICAL Act Now

RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-27357 CRITICAL Act Now

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-28173 CRITICAL Act Now

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Deltaflow
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28171 CRITICAL Act Now

The Vangene deltaFlow E-platform does not take properly protective measures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Deltaflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-30164 CRITICAL Act Now

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Redmine Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-30045 CRITICAL PATCH Act Now

SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy