Skip to main content
CVE-2021-39296 CRITICAL POC Act Now

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openbmc
NVD GitHub
CVSS 3.1
10.0
EPSS
3.0%
CVE-2021-32835 CRITICAL POC Act Now

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Keti
NVD GitHub
CVSS 3.1
9.9
EPSS
4.6%
CVE-2021-32834 CRITICAL POC Act Now

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Keti
NVD GitHub
CVSS 3.1
9.9
EPSS
0.9%
CVE-2021-38727 CRITICAL POC Act Now

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fuel Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-38540 CRITICAL POC PATCH THREAT Act Now

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Privilege Escalation Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
80.9%
CVE-2021-32724 CRITICAL PATCH Act Now

check-spelling is a github action which provides CI spell checking. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Check Spelling
NVD GitHub
CVSS 3.1
9.9
EPSS
2.3%
CVE-2021-25449 CRITICAL Act Now

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-28913 CRITICAL Act Now

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eibport Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-28911 CRITICAL Act Now

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eibport Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-28909 CRITICAL Act Now

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eibport Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-28495 CRITICAL Act Now

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-26608 CRITICAL Act Now

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hshell
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-38408 CRITICAL Act Now

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2021-37579 CRITICAL PATCH Act Now

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Dubbo
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-36161 CRITICAL PATCH Act Now

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Dubbo
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-1946 CRITICAL Act Now

Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8017 Firmware Apq8053 Firmware +96
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-1933 CRITICAL Act Now

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +78
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy