Skip to main content
CVE-2021-40539 CRITICAL POC KEV PATCH THREAT Act Now

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Zoho Authentication Bypass Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
99.0%
CVE-2021-39497 CRITICAL POC Act Now

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Eyoucms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-38840 CRITICAL POC Act Now

SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Water Refilling Station Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-40540 CRITICAL POC PATCH Act Now

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ulfius
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-32802 CRITICAL Act Now

Nextcloud server is an open source, self hosted personal cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud PHP Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-35946 CRITICAL Act Now

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37716 CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-36163 CRITICAL PATCH Act Now

In Apache Dubbo, users may choose to use the Hessian protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Dubbo
NVD
CVSS 3.1
9.8
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy