Skip to main content
CVE-2021-24376 CRITICAL POC Act Now

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP File Upload Autoptimize
NVD WPScan
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-24370 CRITICAL POC THREAT Act Now

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE File Upload Fancy Product Designer
NVD WPScan
CVSS 3.1
9.8
EPSS
47.1%
CVE-2021-24361 CRITICAL POC Act Now

In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Location Manager
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-35066 CRITICAL Act Now

An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Automate
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-26461 CRITICAL Act Now

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Apache Nuttx
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2021-0516 CRITICAL PATCH Act Now

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Privilege Escalation Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy