Skip to main content
CVE-2021-34187 CRITICAL POC PATCH THREAT Act Now

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Chamilo
NVD GitHub
CVSS 3.1
9.8
EPSS
16.2%
CVE-2021-23399 CRITICAL POC Act Now

This affects all versions of package wincred. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wincred
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-35456 CRITICAL Act Now

Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Pet Shop Web Application
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-31337 CRITICAL Act Now

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinamics Sl150 Firmware Sinamics Sm150 Firmware Sinamics Sm150I Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-35514 CRITICAL PATCH Act Now

Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Narou
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy