Skip to main content
CVE-2021-24442 CRITICAL POC THREAT Act Now

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Poll Survey Questionnaire And Voting System
NVD WPScan
CVSS 3.1
9.8
EPSS
46.9%
CVE-2021-24385 CRITICAL POC Act Now

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filebird
NVD WPScan
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-23390 CRITICAL POC PATCH Act Now

The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total4
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-23389 CRITICAL POC PATCH Act Now

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-35064 CRITICAL POC THREAT Act Now

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Viaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
70.8%
CVE-2021-32726 CRITICAL Act Now

Nextcloud Server is a Nextcloud package that handles data storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26088 CRITICAL Act Now

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Single Sign On
NVD
CVSS 3.1
9.6
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy