Skip to main content
CVE-2021-22931 CRITICAL POC PATCH THREAT Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Node.js Node Js Active Iq Unified Manager +8
NVD
CVSS 3.1
9.8
EPSS
22.0%
CVE-2021-38754 CRITICAL POC Act Now

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-38753 CRITICAL POC Act Now

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Simple Image Gallery Web App
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-35395 CRITICAL POC KEV PATCH THREAT Act Now

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Command Injection Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
98.1%
CVE-2021-35394 CRITICAL POC KEV PATCH THREAT Act Now

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Command Injection Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-35393 CRITICAL POC PATCH THREAT Act Now

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
70.3%
CVE-2021-24527 CRITICAL POC Act Now

The User Registration & User Profile - Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Profile Builder
NVD WPScan
CVSS 3.1
9.8
EPSS
7.7%
CVE-2021-32827 CRITICAL POC PATCH Act Now

MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Mockserver Communications Cloud Native Core Policy
NVD GitHub
CVSS 3.1
9.6
EPSS
2.2%
CVE-2021-32825 CRITICAL POC PATCH Act Now

bblfshd is an open source self-hosted server for source code parsing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Bblfshd
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-37708 CRITICAL PATCH Act Now

Shopware is an open source eCommerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Shopware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy