Skip to main content
CVE-2021-33574 CRITICAL POC Act Now

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Glibc Fedora +11
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-25946 CRITICAL POC Act Now

Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Nconf Toml
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-25944 CRITICAL POC Act Now

Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Deep Defaults
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-33575 CRITICAL PATCH Act Now

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ruby Jss
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-30193 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-30192 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-30190 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 893 Firmware 750 891 Firmware 750 890 Firmware 750 889 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-30189 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-30188 CRITICAL Act Now

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-21658 CRITICAL PATCH Act Now

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Nuget
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-30194 CRITICAL Act Now

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 750 893 Firmware 750 891 Firmware 750 890 Firmware +25
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy