Skip to main content
CVE-2021-42237 CRITICAL POC KEV THREAT Emergency

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Deserialization Experience Platform
NVD VulDB
CVSS 3.1
9.8
EPSS
99.2%
Threat
7.9
CVE-2021-35368 CRITICAL POC Act Now

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-42670 CRITICAL POC Act Now

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2021-42669 CRITICAL POC THREAT Act Now

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
23.3%
CVE-2021-42668 CRITICAL POC Act Now

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2021-42667 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure RCE Online Event Booking And Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
15.8%
CVE-2021-42665 CRITICAL POC Act Now

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Engineers Online Portal
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2021-42359 CRITICAL POC Act Now

WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wp Dsgvo Tools
NVD
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-42837 CRITICAL Act Now

An issue was discovered in Talend Data Catalog before 7.3-20210930. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-25508 CRITICAL Act Now

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Smartthings
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy