Skip to main content
CVE-2021-24040 CRITICAL POC PATCH THREAT Act Now

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Parlai
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
17.4%
CVE-2021-40373 CRITICAL POC Act Now

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Playsms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2021-3645 CRITICAL POC PATCH Act Now

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Merge
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-40864 CRITICAL PATCH Act Now

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Translate
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-37422 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-37423 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-38360 CRITICAL Act Now

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Path Traversal PHP Wp Publications
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-34346 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap RCE Memory Corruption Nvr Storage Expansion Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-34345 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap RCE Memory Corruption Ej1600 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-34344 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap RCE Memory Corruption Qusbcam2
NVD
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy