Skip to main content
CVE-2021-27130 CRITICAL POC Act Now

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Online Reviewer System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-27710 CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-27708 CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2021-27707 CRITICAL POC Act Now

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-27706 CRITICAL POC Act Now

Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-27705 CRITICAL POC Act Now

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda G1 Firmware G3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-28300 CRITICAL POC Act Now

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference RCE Denial Of Service Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-27114 CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.6%
CVE-2021-27113 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-31162 CRITICAL POC PATCH Act Now

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rust Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-30459 CRITICAL PATCH Act Now

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Debug Toolbar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-27258 CRITICAL Act Now

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-28797 CRITICAL Act Now

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap Stack Overflow Surveillance Station
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2021-24028 CRITICAL PATCH Act Now

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects.02.22.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Thrift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy