Skip to main content
CVE-2021-42013 CRITICAL POC KEV PATCH THREAT Act Now

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE Http Server Fedora +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-42071 CRITICAL POC THREAT Act Now

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dvr Vx16 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
69.9%
CVE-2021-32172 CRITICAL POC THREAT Act Now

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Maian Cart
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
66.4%
CVE-2021-38298 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XXE Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-42090 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Zammad
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-42094 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Zammad
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3833 CRITICAL Act Now

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integria Ims
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-37931 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37930 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37929 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37928 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37926 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37924 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37923 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37921 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37920 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37919 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37918 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37762 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-3832 CRITICAL Act Now

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Integria Ims
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-22958 CRITICAL PATCH Act Now

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-22930 CRITICAL PATCH Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption Use After Free Node.js +4
NVD
CVSS 3.1
9.8
EPSS
37.3%
CVE-2021-42091 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF Zammad
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy