Skip to main content
CVE-2021-21811 CRITICAL POC Act Now

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Xmill
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38145 CRITICAL POC Act Now

An issue was discovered in Form Tools through 3.0.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Core
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-36356 CRITICAL POC THREAT Act Now

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Viaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
54.4%
CVE-2021-22002 CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-34565 CRITICAL Act Now

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wha Gw F2D2 0 As Z2 Eth Firmware Wha Gw F2D2 0 As Z2 Eth Eip Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-22943 CRITICAL Act Now

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Protect
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2021-35222 CRITICAL PATCH Act Now

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Orion Platform
NVD
CVSS 3.1
9.6
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy