Skip to main content
CVE-2021-21954 CRITICAL POC Act Now

A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.9
EPSS
2.4%
CVE-2021-43703 CRITICAL POC Act Now

An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-41695 CRITICAL POC Act Now

An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Premiumdatingscript
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-41694 CRITICAL POC Act Now

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Premiumdatingscript
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-3817 CRITICAL POC PATCH THREAT Act Now

wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Wbce Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
37.8%
CVE-2021-44514 CRITICAL Act Now

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2021-43608 CRITICAL PATCH Act Now

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Database Abstraction Layer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-20146 CRITICAL Act Now

An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gryphon Tower Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy