Skip to main content
CVE-2021-38647 CRITICAL POC KEV PATCH THREAT Act Now

Open Management Infrastructure Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Lad Azure Open Management Infrastructure +6
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2021-33690 CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure SSRF SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
9.9
EPSS
67.7%
CVE-2021-40881 CRITICAL POC Act Now

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Publiccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-33045 CRITICAL POC KEV THREAT Act Now

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dahua Authentication Bypass Ipc Hum7Xxx Firmware Ipc Hx3Xxx Firmware Ipc Hx5Xxx Firmware +15
NVD
CVSS 3.1
9.8
EPSS
99.6%
CVE-2021-33044 CRITICAL POC KEV THREAT Act Now

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dahua Authentication Bypass Ipc Hum7Xxx Firmware Ipc Hx3Xxx Firmware Ipc Hx5Xxx Firmware +16
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-3797 CRITICAL POC PATCH Act Now

hestiacp is vulnerable to Use of Wrong Operator in String Comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-3751 CRITICAL POC PATCH Act Now

libmobi is vulnerable to Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libmobi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-33701 CRITICAL POC Act Now

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi SAP Dmis S4core Sapscore
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2021-37913 CRITICAL Act Now

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Oaklouds Portal
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-37912 CRITICAL Act Now

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Oaklouds Portal
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-37909 CRITICAL Act Now

WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Tssservisignadapter
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-39392 CRITICAL Act Now

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Mylittlebackup
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-33695 CRITICAL PATCH Act Now

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure SAP Cloud Connector
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy