Skip to main content
CVE-2021-34427 CRITICAL POC THREAT Act Now

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Business Intelligence And Reporting Tools
NVD
CVSS 3.1
9.8
EPSS
57.7%
CVE-2021-34074 CRITICAL POC Act Now

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-34184 CRITICAL POC Act Now

Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Miniaudio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-35048 CRITICAL POC Act Now

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-35502 CRITICAL PATCH Act Now

app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-28958 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho RCE Command Injection Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
73.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy