Skip to main content
CVE-2021-44966 CRITICAL POC Act Now

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Record Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-43117 CRITICAL POC Act Now

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fastadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-24951 CRITICAL POC Act Now

The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Learnpress
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-24946 CRITICAL POC THREAT Act Now

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Modern Events Calendar Lite
NVD GitHub WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
72.8%
CVE-2021-24863 CRITICAL POC Act Now

The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Stop Bad Bots
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-24857 CRITICAL POC Act Now

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Totop Link
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-44152 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in Reprise RLM 14.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Reprise License Manager
NVD
CVSS 3.1
9.8
EPSS
58.6%
CVE-2021-44847 CRITICAL POC Act Now

A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Toxcore Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-24922 CRITICAL POC Act Now

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Pixel Cat
NVD WPScan
CVSS 3.1
9.0
EPSS
0.5%
CVE-2021-24045 CRITICAL PATCH Act Now

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-32024 CRITICAL PATCH Act Now

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-39065 CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Copy Data Management
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-39052 CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Java Spectrum Copy Data Management
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-22279 CRITICAL Act Now

A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omnicore C30 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-39063 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy