Skip to main content
CVE-2021-37232 CRITICAL POC PATCH Act Now

A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Atomicparsley
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-36800 CRITICAL POC Act Now

Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Akaunting
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-20028 CRITICAL KEV THREAT Act Now

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sma 210 Firmware Sma 410 Firmware Sma 500V Firmware Sra 4600 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
30.1%
CVE-2021-1609 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Stack Overflow Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
9.7%
CVE-2021-1602 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Small Business Rv Series Router Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy