Skip to main content
CVE-2021-36623 CRITICAL POC Act Now

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Phone Shop Sales Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-36622 CRITICAL POC Act Now

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Covid Vaccination Scheduler System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37558 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-27952 CRITICAL POC Act Now

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ecobee3 Lite Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-37832 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hoteldruid
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-30571 CRITICAL POC Act Now

Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2021-36701 CRITICAL POC Act Now

In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Htmly
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-36159 CRITICAL POC PATCH Act Now

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libfetch
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2021-33485 CRITICAL Act Now

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Control Control Rte Control Runtime System Toolkit +4
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy