Skip to main content
CVE-2021-21280 CRITICAL POC PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-3604 CRITICAL POC Act Now

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Secure 8
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-33576 CRITICAL POC Act Now

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lexicom
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31272 CRITICAL PATCH Act Now

SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Path Traversal Serenityos
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-21281 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-21282 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-21669 CRITICAL PATCH Act Now

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Generic Webhook Trigger
NVD
CVSS 3.1
9.8
EPSS
25.7%
CVE-2021-21410 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy