Skip to main content
CVE-2021-33501 CRITICAL POC Act Now

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Overwolf
NVD GitHub
CVSS 3.1
9.6
EPSS
7.9%
CVE-2021-20110 CRITICAL Act Now

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Manageengine Assetexplorer
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2021-35965 CRITICAL Act Now

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-35964 CRITICAL Act Now

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-35963 CRITICAL Act Now

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-33027 CRITICAL Act Now

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-33592 CRITICAL Act Now

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Toolbar
NVD
CVSS 3.1
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy