Skip to main content
CVE-2021-21892 CRITICAL POC THREAT Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
30.4%
CVE-2021-21889 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2021-21883 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
6.1%
CVE-2021-21881 CRITICAL POC THREAT Act Now

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
37.1%
CVE-2021-21872 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.9
EPSS
6.1%
CVE-2021-45461 CRITICAL POC THREAT Act Now

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Restapps
NVD
CVSS 3.1
9.8
EPSS
21.7%
CVE-2021-40418 CRITICAL POC THREAT Act Now

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Davinci Resolve
NVD
CVSS 3.1
9.8
EPSS
17.9%
CVE-2021-40417 CRITICAL POC THREAT Act Now

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Davinci Resolve
NVD
CVSS 3.1
9.8
EPSS
15.7%
CVE-2021-40394 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gerbv Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-40393 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gerbv Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-21952 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-21903 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ic Module Cma
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-44659 CRITICAL POC Act Now

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gocd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-43631 CRITICAL POC Act Now

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43629 CRITICAL POC Act Now

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43628 CRITICAL POC Act Now

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43157 CRITICAL POC Act Now

Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shopping System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43155 CRITICAL POC Act Now

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45459 CRITICAL POC PATCH Act Now

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Node.js Command Injection Node Windows
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-21894 CRITICAL POC Act Now

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2021-21891 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-21890 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-21888 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-21887 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2021-21884 CRITICAL POC Act Now

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.3%
CVE-2021-21877 CRITICAL POC Act Now

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2021-21876 CRITICAL POC Act Now

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2021-21875 CRITICAL POC Act Now

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-21874 CRITICAL POC Act Now

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-21873 CRITICAL POC Act Now

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Premierwave 2050 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-39306 CRITICAL Act Now

A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Rtl8195Am Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37706 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Pjsip Certified Asterisk Asterisk +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2021-40612 CRITICAL PATCH Act Now

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Open Audit
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-44031 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44029 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy