Skip to main content
CVE-2021-41392 CRITICAL POC Act Now

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boostnote
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-39228 CRITICAL POC PATCH Act Now

Tremor is an event processing system for unstructured data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Tremor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-23442 CRITICAL POC PATCH Act Now

This affects all versions of package @cookiex/deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Cookiex Deep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-41326 CRITICAL PATCH Act Now

In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-38412 CRITICAL Act Now

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Portserver Ts 16 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41317 CRITICAL PATCH Act Now

XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

XSS Authentication Bypass Xss Hunter Express
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-39227 CRITICAL PATCH Act Now

ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Apache Information Disclosure Zrender
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41303 CRITICAL PATCH Act Now

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Java Authentication Bypass Shiro Financial Services Crime And Compliance Management Studio
NVD
CVSS 3.1
9.8
EPSS
76.7%
CVE-2021-1976 CRITICAL PATCH Act Now

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Qualcomm Memory Corruption Denial Of Service Apq8009 Firmware +246
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-20790 CRITICAL Act Now

Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Revoworks Browser
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2021-20791 CRITICAL Act Now

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Revoworks Browser
NVD
CVSS 3.1
9.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy