Skip to main content
CVE-2021-3757 CRITICAL POC PATCH Act Now

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Immer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-34746 CRITICAL POC THREAT Act Now

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Authentication Bypass Enterprise Nfv Infrastructure Software
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2021-34436 CRITICAL Act Now

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal XXE Theia
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-22704 CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Authentication Bypass Vijeo Designer Ecostruxure Machine Expert
NVD
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy