Skip to main content
CVE-2021-41679 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41678 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41677 CRITICAL POC Act Now

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-36330 CRITICAL Act Now

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Streaming Data Platform
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43319 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
21.4%
CVE-2021-42099 CRITICAL Act Now

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine M365 Manager Plus
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-26612 CRITICAL Act Now

An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nexacro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43202 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-42544 CRITICAL Act Now

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-3769 CRITICAL PATCH Act Now

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-3727 CRITICAL PATCH Act Now

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-3726 CRITICAL PATCH Act Now

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-42545 CRITICAL Act Now

An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-42115 CRITICAL Act Now

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Topease
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy