Skip to main content
CVE-2021-36879 CRITICAL POC Act Now

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Ulisting
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-24666 CRITICAL POC PATCH Act Now

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Podlove Podcast Publisher
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
9.4%
CVE-2021-20034 CRITICAL POC THREAT Act Now

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
80.7%
CVE-2021-37270 CRITICAL Act Now

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cms Enterprise Website Construction System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41558 CRITICAL Act Now

The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Set User
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-40329 CRITICAL Act Now

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-37761 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-36880 CRITICAL Act Now

Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Ulisting
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-37539 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
93.4%
CVE-2021-36219 CRITICAL PATCH Act Now

An issue was discovered in SKALE sgxwallet 1.58.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Sgxwallet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-34416 CRITICAL Act Now

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Meeting Connector Recording Connector Virtual Room Connector Virtual Room Connector Load Balancer
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-33907 CRITICAL Act Now

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Meetings
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-40098 CRITICAL Act Now

An issue was discovered in Concrete CMS through 8.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-38299 CRITICAL PATCH Act Now

Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webauthn Framwork
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-34351 CRITICAL Act Now

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-34348 CRITICAL Act Now

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-22272 CRITICAL Act Now

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Mybuildings Mybusch Jaeger
NVD
CVSS 3.1
9.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy