Skip to main content
CVE-2021-28481 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.8
EPSS
36.5%
CVE-2021-28480 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2021-30175 CRITICAL POC Act Now

ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.5%
CVE-2021-27905 CRITICAL POC PATCH THREAT Act Now

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Solr
NVD
CVSS 3.1
9.8
EPSS
93.1%
CVE-2021-29003 CRITICAL POC THREAT Act Now

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Platinum 4410 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
45.4%
CVE-2021-23281 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Intelligent Power Manager
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2021-23279 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
10.0
EPSS
27.1%
CVE-2021-23277 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2021-27602 CRITICAL Act Now

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Commerce
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2021-23280 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2021-3460 CRITICAL Act Now

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mh702X Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-0430 CRITICAL PATCH Act Now

In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-29999 CRITICAL Act Now

An issue was discovered in Wind River VxWorks through 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-29998 CRITICAL Act Now

An issue was discovered in Wind River VxWorks before 6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks Ruggedcom Win Subscriber Station Firmware Scalance X200 4 P Irt Firmware +33
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-21730 CRITICAL Act Now

A ZTE product is impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-30176 CRITICAL Act Now

The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Expert
NVD GitHub
CVSS 3.1
9.8
EPSS
29.0%
CVE-2021-22505 CRITICAL Act Now

Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Operations Agent
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-30503 CRITICAL PATCH Act Now

The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Glsl Linting
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-23278 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2021-29943 CRITICAL PATCH Act Now

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Solr
NVD
CVSS 3.1
9.1
EPSS
5.3%
CVE-2021-28483 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy