Skip to main content
CVE-2021-31698 CRITICAL POC Act Now

Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Eg25 G Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-29377 CRITICAL POC Act Now

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Pearadmin Think
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28890 CRITICAL POC Act Now

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37599 CRITICAL POC Act Now

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Winscribe Dictation
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-26424 CRITICAL PATCH Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
58.9%
CVE-2021-31556 CRITICAL PATCH Act Now

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28121 CRITICAL Act Now

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Virtual Robots Txt
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-33199 CRITICAL PATCH Act Now

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Expressionengine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-26432 CRITICAL PATCH Act Now

Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2021-38606 CRITICAL PATCH Act Now

reNgine through 0.5 relies on a predictable directory name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rengine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-20509 CRITICAL Act Now

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Maximo Asset Management
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-20314 CRITICAL PATCH Act Now

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service RCE Memory Corruption Libspf2 +2
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-37222 CRITICAL PATCH Act Now

Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Rcdcap
NVD
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy