Skip to main content
CVE-2021-42216 CRITICAL POC PATCH Act Now

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Anonaddy
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-42311 CRITICAL POC PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi Microsoft Defender For Iot
NVD
CVSS 3.1
10.0
EPSS
4.0%
CVE-2021-44350 CRITICAL POC Act Now

SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-4119 CRITICAL POC PATCH THREAT Act Now

bookstack is vulnerable to Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
CVSS 3.1
9.8
EPSS
26.9%
CVE-2021-27856 CRITICAL POC Act Now

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ipvpn Firmware Mpvpn Firmware Warp Firmware
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-36888 CRITICAL POC Act Now

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Image Hover Effects
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-44655 CRITICAL POC Act Now

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Online Pre Owned Used Car Showroom Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-44653 CRITICAL POC Act Now

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Online Magazine Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-43113 CRITICAL POC PATCH Act Now

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Itext Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-41560 CRITICAL POC PATCH THREAT Act Now

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Opencats
NVD GitHub
CVSS 3.1
9.8
EPSS
11.1%
CVE-2021-42313 CRITICAL PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE SQLi Microsoft Defender For Iot
NVD
CVSS 3.1
10.0
EPSS
3.8%
CVE-2021-43935 CRITICAL Act Now

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Welch Allyn Connex Cardio Welch Allyn Diagnostic Cardiology Suite Welch Allyn Rscribe Resting Ecg System Welch Allyn Vision Express Holter Analysis System +3
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-39655 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-39645 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-39644 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-39641 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-0956 CRITICAL Act Now

In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-0889 CRITICAL Act Now

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-43907 CRITICAL PATCH Act Now

Visual Studio Code WSL Extension Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows Subsystem For Linux
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-43899 CRITICAL PATCH Act Now

Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Wireless Display Adapter Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-43882 CRITICAL PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-43225 CRITICAL PATCH Act Now

Bot Framework SDK Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Bot Framework Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-43217 CRITICAL PATCH Act Now

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2021-43215 CRITICAL PATCH Act Now

iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Windows 10 Windows 11 +8
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-43214 CRITICAL PATCH Act Now

Web Media Extensions Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-42310 CRITICAL PATCH Act Now

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-42945 CRITICAL Act Now

A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-41844 CRITICAL Act Now

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jetengine
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43905 CRITICAL PATCH Act Now

Microsoft Office app Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE 365 Copilot
NVD
CVSS 3.1
9.6
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy