Skip to main content
CVE-2021-41649 CRITICAL POC THREAT Act Now

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shopping System Advanced
NVD GitHub
CVSS 3.1
9.8
EPSS
51.8%
CVE-2021-40960 CRITICAL POC Act Now

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Galera Webtemplate
NVD
CVSS 3.1
9.8
EPSS
9.8%
CVE-2021-41110 CRITICAL POC PATCH Act Now

cwlviewer is a web application to view and share Common Workflow Language workflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Cwlviewer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-3825 CRITICAL POC Act Now

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Liderahenk
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2021-41647 CRITICAL POC Act Now

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Food Ordering Web App
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2021-36298 CRITICAL PATCH Act Now

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Isilon Insightiq Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-34352 CRITICAL PATCH Act Now

A command injection vulnerability has been reported to affect QNAP device running QVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Qnap Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy