Skip to main content
CVE-2021-35296 CRITICAL POC Act Now

An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hg150 Ub Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-41868 CRITICAL POC PATCH Act Now

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-38823 CRITICAL POC Act Now

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icehrm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37333 CRITICAL POC Act Now

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Booking Core
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-41511 CRITICAL POC Act Now

The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lodging Reservation Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-40323 CRITICAL POC PATCH THREAT Act Now

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Cobbler
NVD GitHub
CVSS 3.1
9.8
EPSS
88.5%
CVE-2021-41591 CRITICAL POC PATCH Act Now

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Eclair
NVD GitHub
CVSS 3.1
9.4
EPSS
1.7%
CVE-2021-41100 CRITICAL Act Now

Wire-server is the backing server for the open source wire secure messaging application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Wire Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-41093 CRITICAL PATCH Act Now

Wire is an open source secure messenger. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Wire
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-23857 CRITICAL Act Now

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware Rexroth Indramotion Mlc L25 Firmware Rexroth Indramotion Mlc L45 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-41592 CRITICAL Act Now

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Lightning
NVD GitHub
CVSS 3.1
9.4
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy