Skip to main content
CVE-2021-45092 CRITICAL POC THREAT Act Now

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Thinfinity Virtualui
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
40.0%
CVE-2021-43837 CRITICAL POC PATCH Act Now

vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Hashicorp RCE Vault Cli
NVD GitHub
CVSS 3.1
9.1
EPSS
5.0%
CVE-2021-43834 CRITICAL Act Now

eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy