Skip to main content
CVE-2021-31632 CRITICAL POC Act Now

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE B2Evolution Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-36567 CRITICAL POC Act Now

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-36564 CRITICAL POC PATCH Act Now

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-43936 CRITICAL POC PATCH THREAT Act Now

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Webhmi Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.8%
CVE-2021-24943 CRITICAL POC Act Now

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Registrations For The Events Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-24931 CRITICAL POC THREAT Act Now

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Secure Copy Content Protection And Content Locking
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
78.8%
CVE-2021-24866 CRITICAL POC Act Now

The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Data Access
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-43044 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43042 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-43036 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PostgreSQL Brute Force Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43035 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL RCE Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-43033 CRITICAL POC Act Now

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Unitrends Backup
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-44682 CRITICAL Act Now

An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44681 CRITICAL Act Now

An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44680 CRITICAL Act Now

An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44679 CRITICAL Act Now

An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44678 CRITICAL Act Now

An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44677 CRITICAL Act Now

An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Hashicorp Enterprise Vault
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-40091 CRITICAL Act Now

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Squaredup
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43931 CRITICAL PATCH Act Now

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Webhmi Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-39890 CRITICAL Act Now

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy