Skip to main content
CVE-2021-21807 CRITICAL POC Act Now

An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-33221 CRITICAL POC THREAT Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
9.8
EPSS
57.0%
CVE-2021-34624 CRITICAL POC Act Now

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Profilepress
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-34623 CRITICAL POC Act Now

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Profilepress
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-34621 CRITICAL POC THREAT Act Now

A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP Profilepress
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
68.9%
CVE-2021-25952 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution RCE Denial Of Service Just Safe Set
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-32714 CRITICAL POC PATCH Act Now

hyper is an HTTP library for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Hyper
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-33219 CRITICAL Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-33218 CRITICAL Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruckus Iot Controller
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-33216 CRITICAL POC THREAT Act Now

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruckus Iot Controller
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.8%
CVE-2021-32538 CRITICAL Act Now

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Artware Cms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-32535 CRITICAL Act Now

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32534 CRITICAL Act Now

QSAN SANOS factory reset function does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32533 CRITICAL Act Now

The QSAN SANOS setting page does not filter special parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-32531 CRITICAL Act Now

OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Xevo
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-32530 CRITICAL Act Now

OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Xevo
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32529 CRITICAL Act Now

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sanos Xevo
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32522 CRITICAL Act Now

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sanos Storage Manager Xevo
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-32521 CRITICAL Act Now

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanos Storage Manager Xevo
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-32520 CRITICAL Act Now

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-32513 CRITICAL Act Now

QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Storage Manager
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-32512 CRITICAL Act Now

QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Storage Manager
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20776 CRITICAL Act Now

Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass At 40Cm01Sr Firmware Sct 40Cm01Sr Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy