Skip to main content
CVE-2021-35464 CRITICAL POC KEV THREAT Emergency

ForgeRock AM (Access Management) before version 7.0 contains a Java deserialization vulnerability in the jato.pageSession parameter enabling unauthenticated remote code execution via a single HTTP request.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2021-33032 CRITICAL POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
10.0
EPSS
52.2%
CVE-2021-25213 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25211 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25205 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31580 CRITICAL POC Act Now

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-31579 CRITICAL POC Act Now

Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-26223 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25212 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Alumni Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26226 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-25202 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sales And Inventory System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26232 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple College Website
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-26231 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fantastic Blog Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26229 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-26228 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-26765 CRITICAL POC Act Now

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-25209 CRITICAL Act Now

SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Theme Park Ticketing System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-25210 CRITICAL Act Now

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Alumni Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-35522 CRITICAL PATCH Act Now

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Information Disclosure Morphowave Compact Mdpi Firmware +9
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-35942 CRITICAL Act Now

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Glibc Active Iq Unified Manager E Series Santricity Os Controller +4
NVD
CVSS 3.1
9.1
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy