Skip to main content
CVE-2021-43267 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
57.6%
CVE-2021-36560 CRITICAL POC Act Now

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Phone Shop Sales Management System
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-36186 CRITICAL Act Now

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Fortinet Fortiweb
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-41232 CRITICAL PATCH Act Now

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Planning Poker
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-36794 CRITICAL Act Now

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37981 CRITICAL Act Now

Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Debian Linux
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2021-38948 CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XXE Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy