Skip to main content
CVE-2021-21809 CRITICAL POC THREAT Emergency

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Moodle
NVD
CVSS 3.1
9.1
EPSS
24.2%
CVE-2021-21998 CRITICAL PATCH Act Now

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Carbon Black App Control
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-27649 CRITICAL Act Now

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology RCE Memory Corruption Use After Free Denial Of Service +2
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy