Skip to main content
CVE-2021-23448 CRITICAL POC Act Now

All versions of package config-handler are vulnerable to Prototype Pollution when loading config files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Config Handler
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-40617 CRITICAL POC Act Now

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-40239 CRITICAL POC Act Now

A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Miniftpd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-40543 CRITICAL POC Act Now

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-40887 CRITICAL POC Act Now

Projectsend version r1295 is affected by a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Projectsend
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-40889 CRITICAL POC Act Now

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Cmsuno
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-42139 CRITICAL POC Act Now

Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Deno Standard Modules
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-41117 CRITICAL POC PATCH Act Now

keypair is a a RSA PEM key generator written in javascript. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keypair
NVD GitHub
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-26588 CRITICAL Act Now

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3Par Os Primera 630 Firmware Primera 650 Firmware Primera 670 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-37123 CRITICAL Act Now

There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hero Ct060 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-27664 CRITICAL Act Now

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Exacqvision Web Service
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy