Skip to main content
CVE-2021-38384 CRITICAL POC Act Now

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serverless Offline
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37425 CRITICAL POC THREAT Act Now

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mobiletogether Server
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
66.3%
CVE-2021-20032 CRITICAL Act Now

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Java Analytics
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-38383 CRITICAL PATCH Act Now

OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Owntone Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-38140 CRITICAL PATCH Act Now

The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

PostgreSQL Privilege Escalation Set User
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-32943 CRITICAL Act Now

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy