Skip to main content
CVE-2021-38013 CRITICAL POC Act Now

Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2021-44453 CRITICAL Act Now

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43987 CRITICAL Act Now

An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mypro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43985 CRITICAL Act Now

An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mypro
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-43984 CRITICAL Act Now

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43981 CRITICAL Act Now

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-27007 CRITICAL Act Now

NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Virtual Desktop Service
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-23198 CRITICAL Act Now

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-22657 CRITICAL Act Now

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-44526 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-44548 CRITICAL PATCH Act Now

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Information Disclosure Apache Solr
NVD
CVSS 3.1
9.8
EPSS
5.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy