Skip to main content
CVE-2021-23438 CRITICAL POC PATCH Act Now

This affects the package mpath before 0.8.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Mpath
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-23436 CRITICAL POC PATCH Act Now

This affects the package immer before 9.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Immer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-40350 CRITICAL POC Act Now

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dwu850 Gs Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-23427 CRITICAL POC Act Now

This affects all versions of package elFinder.NetCore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Elfinder Netcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-39379 CRITICAL POC Act Now

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-39378 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
22.7%
CVE-2021-39377 CRITICAL POC Act Now

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-37415 CRITICAL POC KEV THREAT Act Now

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-40353 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-36020 CRITICAL PATCH Act Now

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-23428 CRITICAL Act Now

This affects all versions of package elFinder.NetCore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Elfinder Netcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-39185 CRITICAL PATCH Act Now

Http4s is a minimal, idiomatic Scala interface for HTTP services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy