Skip to main content
CVE-2021-45255 CRITICAL POC Act Now

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Video Sharing Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-45253 CRITICAL POC Act Now

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-45252 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Forum Discussion System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-24849 CRITICAL POC Act Now

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible
NVD WPScan
CVSS 3.1
9.8
EPSS
8.5%
CVE-2021-4139 CRITICAL POC PATCH Act Now

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2021-27453 CRITICAL Act Now

Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amegaview
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-27451 CRITICAL Act Now

Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amegaview
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-27447 CRITICAL Act Now

Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Amegaview
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-36336 CRITICAL PATCH Act Now

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Wyse Management Suite
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-45090 CRITICAL Act Now

Stormshield Endpoint Security before 2.1.2 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Endpoint Security
NVD
CVSS 3.1
9.8
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy