Skip to main content
CVE-2021-28293 CRITICAL POC Act Now

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aisiem
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-26473 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26472 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft PHP Command Injection Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-26471 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32673 CRITICAL PATCH Act Now

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Reg Keygen Git Hash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-31962 CRITICAL PATCH Act Now

Kerberos AppContainer Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
9.4
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy