Skip to main content
CVE-2021-22910 CRITICAL POC Act Now

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-24507 CRITICAL POC THREAT Act Now

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Astra
NVD WPScan
CVSS 3.1
9.8
EPSS
11.0%
CVE-2021-24499 CRITICAL POC THREAT Act Now

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Workreap
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
60.1%
CVE-2021-32798 CRITICAL POC PATCH Act Now

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE XSS Notebook
NVD GitHub
CVSS 3.1
9.6
EPSS
2.1%
CVE-2021-32797 CRITICAL POC PATCH Act Now

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jupyterlab
NVD GitHub
CVSS 3.1
9.6
EPSS
2.6%
CVE-2021-21564 CRITICAL PATCH Act Now

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Authentication Bypass Openmanage Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy