Skip to main content
CVE-2021-32605 CRITICAL POC Act Now

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zzzphp
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-31166 CRITICAL POC KEV PATCH THREAT Act Now

HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 10 2004 Windows 10 20H2 +2
NVD GitHub
CVSS 3.1
9.8
EPSS
99.7%
CVE-2021-29508 CRITICAL POC Act Now

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Microsoft Wire
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-28476 CRITICAL PATCH Act Now

Windows Hyper-V Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
9.9
EPSS
38.6%
CVE-2021-32089 CRITICAL Act Now

An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE File Upload Fx9500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-31915 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-31914 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-31897 CRITICAL Act Now

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webstorm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31909 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-32563 CRITICAL PATCH Act Now

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Thunar
NVD
CVSS 3.1
9.8
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy