Skip to main content
CVE-2021-23433 CRITICAL POC PATCH Act Now

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Algoliasearch Helper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-40391 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gerbv Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-41435 CRITICAL Act Now

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gt Ax11000 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware Rt Ax56U Firmware +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-41280 CRITICAL PATCH Act Now

Sharetribe Go is a source available marketplace software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Sharetribe
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-37592 CRITICAL Act Now

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Suricata Memory Corruption
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-36372 CRITICAL PATCH Act Now

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ozone
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-42338 CRITICAL Act Now

4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gcb Doctor
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-44026 CRITICAL KEV PATCH THREAT Act Now

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
42.8%
CVE-2021-22028 CRITICAL PATCH Act Now

In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Greenplum
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2021-39233 CRITICAL PATCH Act Now

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-39231 CRITICAL PATCH Act Now

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
9.1
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy