Skip to main content
CVE-2021-36722 CRITICAL Act Now

Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Emuse Eservices Envoice
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38687 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap Surveillance Station
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-35034 CRITICAL Act Now

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy