Skip to main content
CVE-2021-33885 CRITICAL POC Act Now

An Insufficient Verification of Data Authenticity vulnerability in B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Spacecom2
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-40084 CRITICAL POC Act Now

opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Opensysusers
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-33884 CRITICAL POC Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Spacecom2
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-37334 CRITICAL PATCH Act Now

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Forms
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-37154 CRITICAL Act Now

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Access Management
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-37153 CRITICAL Act Now

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Management
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-39159 CRITICAL PATCH Act Now

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Kubernetes RCE Code Injection Binderhub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-1581 CRITICAL PATCH Act Now

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection File Upload Authentication Bypass Application Policy Infrastructure Controller +1
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-1577 CRITICAL Act Now

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller Cloud Application Policy Infrastructure Controller
NVD
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy