Skip to main content
CVE-2021-1498 CRITICAL POC KEV THREAT Emergency

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Command Injection Hyperflex Hx Data Platform
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-1497 CRITICAL POC KEV THREAT Emergency

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Command Injection Hyperflex Hx Data Platform
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-31737 CRITICAL POC Act Now

emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-29203 CRITICAL POC THREAT Act Now

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Edgeline Infrastructure Manager
NVD
CVSS 3.1
9.8
EPSS
68.3%
CVE-2021-28152 CRITICAL POC Act Now

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H8922 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-32030 CRITICAL POC KEV THREAT Act Now

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lyra Mini Firmware Gt Ac2900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
99.4%
CVE-2021-29921 CRITICAL POC PATCH Act Now

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Communications Cloud Native Core Automated Test Suite Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Slice Selection Function +2
NVD GitHub
CVSS 3.1
9.8
EPSS
6.8%
CVE-2021-24236 CRITICAL POC Act Now

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Imagements
NVD WPScan
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-30473 CRITICAL PATCH Act Now

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aomedia Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20204 CRITICAL Act Now

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Privilege Escalation Getdata +2
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-21505 CRITICAL Act Now

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 - 2011, contain an undocumented default iDRAC account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass Emc Integrated System For Microsoft Azure Stack Hub Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-1468 CRITICAL Act Now

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy