Skip to main content
CVE-2021-21985 CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-33470 CRITICAL POC Act Now

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid19 Testing Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-25945 CRITICAL POC Act Now

Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Js Extend
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-22738 CRITICAL Act Now

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-22737 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-22731 CRITICAL PATCH Act Now

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mcsesp083F23G0 Firmware Mcsesp083F23G0T Firmware Mcsesm043F23F0 Firmware Mcsesm053F1Cu0 Firmware +12
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-21986 CRITICAL Act Now

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2021-22160 CRITICAL PATCH Act Now

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Pulsar
NVD
CVSS 3.1
9.8
EPSS
52.9%
CVE-2021-20487 CRITICAL Act Now

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Jwt Attack Power9 System Firmware Scale Out Lc System Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy