Skip to main content
CVE-2021-35327 CRITICAL POC Act Now

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-35324 CRITICAL POC THREAT Act Now

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-21805 CRITICAL POC THREAT Act Now

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection R Seenet
NVD
CVSS 3.1
9.8
EPSS
69.6%
CVE-2021-34371 CRITICAL POC PATCH THREAT Act Now

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java Neo4j
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.4%
CVE-2021-29978 CRITICAL POC PATCH Act Now

Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Mozilla Information Disclosure Mozilla Vpn
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-26605 CRITICAL Act Now

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ezpdfreader
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-29971 CRITICAL Act Now

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy