Skip to main content
CVE-2021-44077 CRITICAL POC KEV PATCH THREAT Act Now

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Zoho Authentication Bypass Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
9.8
EPSS
93.5%
CVE-2021-44427 CRITICAL POC PATCH THREAT Act Now

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi PostgreSQL Rosariosis
NVD
CVSS 3.1
9.8
EPSS
50.6%
CVE-2021-43691 CRITICAL POC Act Now

tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Tripexpress
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-43693 CRITICAL POC Act Now

vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Vesta Control Panel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-24915 CRITICAL POC THREAT Act Now

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Contest Gallery
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
12.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy