Skip to main content
CVE-2021-3287 CRITICAL POC THREAT Emergency

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
51.3%
CVE-2021-2135 CRITICAL POC PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
8.4%
CVE-2021-30476 CRITICAL POC Act Now

HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hashicorp Terraform Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-2317 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
10.0
EPSS
1.9%
CVE-2021-2256 CRITICAL PATCH Act Now

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Storage Cloud Software Appliance
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2021-2248 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2021-2244 CRITICAL PATCH Act Now

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Essbase Analytic Provider Services Hyperion Analytic Provider Services
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2021-2177 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2021-0248 CRITICAL Act Now

This issue is not applicable to NFX NextGen Software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2021-2302 CRITICAL PATCH Act Now

Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Java Platform Security For Java
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-2136 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-27389 CRITICAL Act Now

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opcenter Quality Qms Automotive
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-25669 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Siemens RCE Stack Overflow Scalance X200 4P Irt Firmware +28
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-25668 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware +27
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-24240 CRITICAL Act Now

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload Business Hours Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-0266 CRITICAL Act Now

The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-0254 CRITICAL Act Now

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-0249 CRITICAL Act Now

On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-31572 CRITICAL PATCH Act Now

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Freertos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-31571 CRITICAL PATCH Act Now

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Freertos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-29465 CRITICAL Act Now

Discord-Recon is a bot for the Discord chat service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Discord Recon
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-2221 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.6
EPSS
2.0%
CVE-2021-0268 CRITICAL Act Now

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos
NVD
CVSS 3.1
9.3
EPSS
0.9%
CVE-2021-2320 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-2319 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-2318 CRITICAL PATCH Act Now

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Cloud Infrastructure Storage Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-2253 CRITICAL PATCH Act Now

Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Advanced Supply Chain Planning
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-2205 CRITICAL PATCH Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-2200 CRITICAL PATCH Act Now

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy