Skip to main content
CVE-2021-27200 CRITICAL POC Act Now

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Wowonder
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-21833 CRITICAL POC Act Now

An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-21824 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-21795 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-22175 CRITICAL POC KEV THREAT Act Now

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
53.4%
CVE-2021-21382 CRITICAL POC Act Now

Restund is an open source NAT traversal server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Restund
NVD GitHub
CVSS 3.1
9.6
EPSS
1.5%
CVE-2021-25387 CRITICAL Act Now

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2021-22768 CRITICAL Act Now

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22767 CRITICAL Act Now

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-22765 CRITICAL Act Now

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-22763 CRITICAL Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerlogic Pm5560 Firmware Powerlogic Pm5561 Firmware Powerlogic Pm5562 Firmware Powerlogic Pm5563 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2021-32930 CRITICAL Act Now

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2021-27410 CRITICAL Act Now

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Connex Central Station Connex Device Integration Suite Network Connectivity Engine +7
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-0474 CRITICAL PATCH Act Now

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-22915 CRITICAL Act Now

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-25386 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-25385 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-25384 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-25383 CRITICAL Act Now

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-3013 CRITICAL PATCH Act Now

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Ripgrep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-24035 CRITICAL Act Now

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy