Skip to main content
CVE-2021-21940 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2021-3323 CRITICAL POC Act Now

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-42325 CRITICAL POC PATCH THREAT Act Now

Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Froxlor
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
11.8%
CVE-2021-40618 CRITICAL POC Act Now

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-21941 CRITICAL POC Act Now

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.0
EPSS
1.6%
CVE-2021-38454 CRITICAL Act Now

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Mxview
NVD
CVSS 3.1
10.0
EPSS
15.8%
CVE-2021-29644 CRITICAL Act Now

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE It Operations Director Job Management Partner 1 It Desktop Management Manager Job Management Partner 1 It Desktop Management 2 Manager +11
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-40499 CRITICAL Act Now

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38180 CRITICAL Act Now

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Business One
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37726 CRITICAL Act Now

A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-38458 CRITICAL Act Now

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mxview
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-38456 CRITICAL Act Now

A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mxview
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38452 CRITICAL Act Now

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mxview
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-33725 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-33724 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy