Skip to main content
CVE-2021-38294 CRITICAL POC PATCH THREAT Emergency

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection RCE Storm
NVD
CVSS 3.1
9.8
EPSS
84.5%
CVE-2021-40371 CRITICAL POC Act Now

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal RCE Request Management
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2021-24884 CRITICAL POC PATCH Act Now

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP CSRF WordPress XSS +1
NVD GitHub WPScan
CVSS 3.1
9.6
EPSS
3.1%
CVE-2021-41035 CRITICAL PATCH Act Now

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Openj9
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-40865 CRITICAL PATCH Act Now

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache RCE Storm
NVD
CVSS 3.1
9.8
EPSS
65.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy