Skip to main content
CVE-2021-41269 CRITICAL POC PATCH Act Now

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Java Cron Utils
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-41266 CRITICAL POC PATCH THREAT Act Now

Minio console is a graphical user interface for the for MinIO operator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Minio Console
NVD GitHub
CVSS 3.1
9.8
EPSS
46.7%
CVE-2021-42580 CRITICAL POC Act Now

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP File Upload Authentication Bypass Online Learning System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.0%
CVE-2021-41765 CRITICAL POC THREAT Act Now

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Resourcespace
NVD
CVSS 3.1
9.8
EPSS
67.8%
CVE-2021-41950 CRITICAL POC THREAT Act Now

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Resourcespace
NVD
CVSS 3.1
9.1
EPSS
74.9%
CVE-2021-42377 CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
9.8
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy