Skip to main content
CVE-2021-25839 CRITICAL POC Act Now

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Minthcm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-26797 CRITICAL POC Act Now

An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Hame Sd1 Wi Fi Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-25928 CRITICAL POC Act Now

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Safe Obj
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-25927 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Safe Flat
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-29475 CRITICAL PATCH Act Now

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker RCE Code Injection Hedgedoc
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2021-31646 CRITICAL PATCH Act Now

Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Gestsup
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-20711 CRITICAL Act Now

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg2600Hs Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-20697 CRITICAL Act Now

Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dap 1880Ac Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-21226 CRITICAL Act Now

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2021-21223 CRITICAL Act Now

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Debian Linux +1
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2021-21201 CRITICAL Act Now

Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
1.7%
CVE-2021-23365 CRITICAL PATCH Act Now

The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Tyk Identity Broker
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy