Skip to main content
CVE-2021-22005 CRITICAL POC KEV PATCH THREAT Act Now

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-26794 CRITICAL POC Act Now

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP File Upload Frogcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21913 CRITICAL POC Act Now

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Authentication Bypass Dir 3040 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-22945 CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Cloud Backup Clustered Data Ontap +13
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-32959 CRITICAL PATCH Act Now

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suitelink
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-22941 CRITICAL KEV THREAT Act Now

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Sharefile Storagezones Controller
NVD
CVSS 3.1
9.8
EPSS
53.6%
CVE-2021-34770 CRITICAL Act Now

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Heap Overflow +2
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-34727 CRITICAL Act Now

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Denial Of Service Cisco Ios Xe Sd Wan
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-1619 CRITICAL Act Now

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple Memory Corruption Denial Of Service +146
NVD
CVSS 3.1
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy