Skip to main content
CVE-2021-22205 CRITICAL POC KEV THREAT Emergency

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gitlab Code Injection
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
99.7%
CVE-2021-31597 CRITICAL POC PATCH Act Now

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Xmlhttprequest Ssl
NVD GitHub
CVSS 3.1
9.4
EPSS
2.1%
CVE-2021-26291 CRITICAL POC PATCH Act Now

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Information Disclosure Maven Quarkus Financial Services Analytical Applications Infrastructure +1
NVD
CVSS 3.1
9.1
EPSS
8.7%
CVE-2021-22893 CRITICAL KEV THREAT Act Now

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Ivanti Authentication Bypass Connect Secure
NVD
CVSS 3.1
10.0
EPSS
47.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy