Skip to main content
CVE-2021-40519 CRITICAL POC Act Now

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
10.0
EPSS
1.1%
CVE-2021-33816 CRITICAL POC PATCH Act Now

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Dolibarr Erp Crm
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-40520 CRITICAL POC Act Now

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-40521 CRITICAL POC Act Now

Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2021-43136 CRITICAL POC THREAT Act Now

An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Formalms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
15.7%
CVE-2021-43523 CRITICAL POC PATCH Act Now

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Uclibc Uclibc Ng
NVD GitHub
CVSS 3.1
9.6
EPSS
3.3%
CVE-2021-3064 CRITICAL Act Now

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Stack Overflow Pan Os
NVD
CVSS 3.1
9.8
EPSS
19.1%
CVE-2021-26443 CRITICAL PATCH Act Now

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
9.0
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy