Skip to main content
CVE-2021-42847 CRITICAL POC THREAT Emergency

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Adaudit Plus
NVD
CVSS 3.1
9.8
EPSS
70.3%
CVE-2021-3907 CRITICAL PATCH Act Now

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Octorpki Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-43350 CRITICAL PATCH Act Now

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection LDAP Traffic Control
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-42002 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2021-41833 CRITICAL PATCH Act Now

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Zoho File Upload Manageengine Patch Connect Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-41081 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
63.1%
CVE-2021-41080 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-43573 CRITICAL Act Now

A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rtl8195Am Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-34422 CRITICAL Act Now

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal RCE Keybase
NVD
CVSS 3.1
9.0
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy