Skip to main content
CVE-2021-42109 CRITICAL POC Act Now

VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Exterity Avediaserver Exterity Avediastream Encoders Firmware Avediastream M9605 Firmware Avediastream M9400 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-41566 CRITICAL Act Now

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Tadtools
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-36767 CRITICAL Act Now

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Realport Connectport Ts 8 16 Firmware Connectport Lts 8 16 32 Firmware Passport Integrated Console Server Firmware +15
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-35977 CRITICAL Act Now

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Realport Connectport Ts 8 16 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37973 CRITICAL KEV PATCH THREAT Act Now

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
11.7%
CVE-2021-30633 CRITICAL KEV THREAT Act Now

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
32.7%
CVE-2021-41975 CRITICAL Act Now

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tadtools
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-41974 CRITICAL Act Now

Tad Book3 editing book page does not perform identity verification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tad Book3
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy