Skip to main content
CVE-2021-42258 CRITICAL POC KEV THREAT Act Now

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Billquick Web Suite
NVD
CVSS 3.1
9.8
EPSS
73.3%
CVE-2021-42169 CRITICAL POC Act Now

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Payroll System With Dynamic Tax Bracket
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-41745 CRITICAL PATCH Act Now

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41744 CRITICAL Act Now

All versions of yongyou PLM are affected by a command injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ufida Product Lifecycle Management
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-38481 CRITICAL Act Now

The scheduler service running on a specific TCP port enables the user to start and stop jobs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Versiondog
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-38477 CRITICAL PATCH Act Now

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38459 CRITICAL PATCH Act Now

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38457 CRITICAL PATCH Act Now

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38449 CRITICAL Act Now

Some API functions permit by-design writing or copying data into a given buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-36357 CRITICAL PATCH Act Now

An issue was discovered in OpenPOWER 2.6 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Skiboot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38471 CRITICAL PATCH Act Now

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-38453 CRITICAL PATCH Act Now

Some API functions allow interaction with the registry, which includes reading values as well as data modification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy