Skip to main content
CVE-2021-39615 CRITICAL POC Act Now

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 500N Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-39614 CRITICAL POC Act Now

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dvx 2000Ms Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-39613 CRITICAL POC Act Now

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dvg 3104Ms Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-24551 CRITICAL POC Act Now

The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Edit Comments
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-39290 CRITICAL POC Act Now

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Netmodule Router Software
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-38598 CRITICAL POC PATCH Act Now

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Neutron
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-3694 CRITICAL PATCH Act Now

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Information Disclosure Ledgersmb Debian Linux
NVD GitHub
CVSS 3.1
9.6
EPSS
2.4%
CVE-2021-3693 CRITICAL PATCH Act Now

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Information Disclosure Ledgersmb Debian Linux
NVD
CVSS 3.1
9.6
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy