Skip to main content
CVE-2021-21830 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Xmill
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-21829 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Xmill
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-36380 CRITICAL POC KEV THREAT Act Now

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sureline
NVD
CVSS 3.1
9.8
EPSS
97.6%
CVE-2021-1104 CRITICAL POC Act Now

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Instruction Set Manual
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-37705 CRITICAL PATCH Act Now

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Authentication Bypass Onefuzz
NVD GitHub
CVSS 3.1
10.0
EPSS
2.4%
CVE-2021-38302 CRITICAL Act Now

The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Newsletter
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-36789 CRITICAL Act Now

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dated News
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-32071 CRITICAL Act Now

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Micollab
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-37353 CRITICAL Act Now

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP SSRF Nagios Xi Docker Wizard
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-37350 CRITICAL Act Now

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
79.2%
CVE-2021-37346 CRITICAL Act Now

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard RCE Command Injection Nagios Xi Watchguard Wizard
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37344 CRITICAL Act Now

Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Nagios Xi Switch Wizard
NVD
CVSS 3.1
9.8
EPSS
96.8%
CVE-2021-34823 CRITICAL Act Now

The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XXE Screenshare
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2021-3352 CRITICAL Act Now

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micontact Center Business
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-38621 CRITICAL PATCH Act Now

The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Flat Server
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-27741 CRITICAL Act Now

" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Hcl Commerce
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy