Skip to main content
CVE-2021-24321 CRITICAL POC THREAT Act Now

The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Bello
NVD WPScan
CVSS 3.1
9.8
EPSS
66.6%
CVE-2021-32647 CRITICAL POC PATCH Act Now

Emissary is a P2P based data-driven workflow engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Information Disclosure Java Emissary
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-27828 CRITICAL POC THREAT Act Now

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi In4Suite Erp
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
20.3%
CVE-2021-33180 CRITICAL Act Now

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SQLi Media Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-30181 CRITICAL PATCH Act Now

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Dubbo
NVD
CVSS 3.1
9.8
EPSS
61.5%
CVE-2021-30180 CRITICAL PATCH Act Now

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Dubbo
NVD
CVSS 3.1
9.8
EPSS
60.4%
CVE-2021-30179 CRITICAL PATCH Act Now

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Dubbo
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-25641 CRITICAL PATCH Act Now

Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Dubbo
NVD
CVSS 3.1
9.8
EPSS
17.7%
CVE-2021-32654 CRITICAL Act Now

Nextcloud Server is a Nextcloud package that handles data storage. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2021-33181 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Video Station
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy