Skip to main content
CVE-2021-23758 CRITICAL POC PATCH THREAT Act Now

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Ajaxpro 2
NVD GitHub
CVSS 3.1
9.8
EPSS
88.8%
CVE-2021-35414 CRITICAL POC PATCH Act Now

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-35346 CRITICAL POC PATCH Act Now

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-35344 CRITICAL POC PATCH Act Now

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tsmuxer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-44352 CRITICAL POC THREAT Act Now

A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.4%
CVE-2021-44347 CRITICAL POC Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43676 CRITICAL POC PATCH Act Now

matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Swoole Php Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-44278 CRITICAL POC Act Now

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Librenms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43674 CRITICAL POC Act Now

ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Thinkup
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-44349 CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44348 CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy