Skip to main content
CVE-2021-45046 CRITICAL POC KEV PATCH THREAT Act Now

Apache Log4j2 contains an incomplete fix for Log4Shell (CVE-2021-44228) that allows attackers to bypass the initial patch through Thread Context Map (MDC) input data in non-default configurations, enabling RCE and DoS.

NVD
CVSS 3.1
9.0
EPSS
94.3%
Threat
9.6
CVE-2021-40883 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-44949 CRITICAL POC Act Now

glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45014 CRITICAL POC Act Now

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45015 CRITICAL POC Act Now

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Taocms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-44935 CRITICAL POC Act Now

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Glfusion
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2021-44042 CRITICAL Act Now

An issue was discovered in UiPath Assistant 21.4.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Assistant
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44041 CRITICAL Act Now

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Assistant
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-44231 CRITICAL Act Now

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-42064 CRITICAL Act Now

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Oracle SAP Java Commerce
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44538 CRITICAL PATCH Act Now

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Element Javascript Sdk Olm Schildichat +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-44524 CRITICAL Act Now

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sipass Integrated Siveillance Identity
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-44523 CRITICAL Act Now

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sipass Integrated Siveillance Identity
NVD
CVSS 3.1
9.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy