Skip to main content
CVE-2021-21892 CRITICAL POC THREAT Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
30.4%
CVE-2021-21889 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2021-21883 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
6.1%
CVE-2021-21881 CRITICAL POC THREAT Act Now

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
37.1%
CVE-2021-21872 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
6.1%
CVE-2021-45461 CRITICAL POC THREAT Act Now

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Restapps
NVD
CVSS 3.1
9.8
EPSS
21.7%
CVE-2021-40418 CRITICAL POC THREAT Act Now

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Davinci Resolve
NVD
CVSS 3.1
9.8
EPSS
17.9%
CVE-2021-40417 CRITICAL POC THREAT Act Now

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Davinci Resolve
NVD
CVSS 3.1
9.8
EPSS
15.7%
CVE-2021-40394 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gerbv Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-40393 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gerbv Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-21952 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-21903 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ic Module Cma
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-44659 CRITICAL POC Act Now

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gocd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-43631 CRITICAL POC Act Now

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43629 CRITICAL POC Act Now

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43628 CRITICAL POC Act Now

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43157 CRITICAL POC Act Now

Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shopping System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43155 CRITICAL POC Act Now

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45459 CRITICAL POC PATCH Act Now

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Node.js Command Injection Node Windows
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-45418 HIGH POC This Week

Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan 180 Premium Firmware Nova 360 Cabinet Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-21894 CRITICAL POC Act Now

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2021-21891 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-21890 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-21888 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-21887 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-21884 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.3%
CVE-2021-21877 CRITICAL POC Act Now

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2021-21876 CRITICAL POC Act Now

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2021-21875 CRITICAL POC Act Now

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-21874 CRITICAL POC Act Now

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-21873 CRITICAL POC Act Now

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-21936 HIGH POC This Week

A specially-crafted HTTP request can lead to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21917 HIGH POC This Week

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21916 HIGH POC This Week

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21915 HIGH POC This Week

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21901 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ic Module Cma
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21882 HIGH POC This Week

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2021-21879 HIGH POC This Week

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Premierwave 2050
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-43630 HIGH POC This Week

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Hospital Management System In Php
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-21953 HIGH POC This Week

An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-21909 HIGH POC This Week

Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ic Module Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-21902 HIGH POC This Week

An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Ic Module Cma
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-21912 HIGH POC This Week

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation R Seenet
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-21911 HIGH POC This Week

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation R Seenet
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21910 HIGH POC This Week

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation R Seenet
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-45266 HIGH POC This Week

A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-21906 HIGH POC This Week

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Ic Module Cma
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-21905 HIGH POC This Week

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Ic Module Cma
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-21904 HIGH POC This Week

A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ic Module Cma
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-21895 HIGH POC This Week

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy