Skip to main content
CVE-2021-32639 CRITICAL POC Act Now

Emissary is a P2P-based, data-driven workflow engine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Emissary
NVD GitHub
CVSS 3.1
9.9
EPSS
1.4%
CVE-2021-35209 CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-23403 CRITICAL POC PATCH Act Now

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Ts Nodash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-23402 CRITICAL POC Act Now

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Record Like Deep Assign
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-36128 CRITICAL POC PATCH Act Now

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-36126 CRITICAL POC PATCH Act Now

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-35042 CRITICAL POC PATCH THREAT Act Now

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Fedora
NVD
CVSS 3.1
9.8
EPSS
44.4%
CVE-2021-35029 CRITICAL Act Now

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Usg1900 Firmware Usg1100 Firmware Usg310 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy