Skip to main content
CVE-2021-1732 HIGH POC KEV PATCH THREAT Act Now

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by the Bitter APT group in February 2021 for targeted espionage operations.

Windows
NVD
CVSS 3.1
7.8
EPSS
90.1%
Threat
9.3
CVE-2021-24091 HIGH POC PATCH This Week

Windows Camera Codec Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption RCE Windows 10 +2
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-3273 HIGH POC This Week

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Nagios Xi
NVD GitHub
CVSS 3.1
7.2
EPSS
5.6%
CVE-2021-24093 HIGH PATCH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
43.8%
CVE-2021-24088 HIGH PATCH This Week

Windows Local Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-24072 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-24066 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2021-1728 HIGH PATCH This Week

System Center Operations Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation System Center Operations Manager
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-24105 HIGH PATCH This Week

<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Python RCE Apple Microsoft Node.js +2
NVD
CVSS 3.1
8.4
EPSS
2.1%
CVE-2021-26701 HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core Powershell Core Visual Studio 2019 +1
NVD
CVSS 3.1
8.1
EPSS
30.3%
CVE-2021-24112 HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core Mono Visual Studio 2019
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2021-1722 HIGH PATCH This Week

Windows Fax Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2021-1726 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +8
NVD
CVSS 3.1
8.0
EPSS
2.0%
CVE-2021-26700 HIGH PATCH MAL This Week

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Node.js npm
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2021-25195 HIGH PATCH This Week

Windows PKU2U Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-24103 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-24102 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-24096 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-24092 HIGH PATCH This Week

Microsoft Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows Defender Endpoint Protection Security Essentials +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-24083 HIGH PATCH This Week

Windows Address Book Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption RCE Windows 10 +7
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2021-24081 HIGH PATCH This Week

Microsoft Windows Codecs Library Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption RCE Windows 10 +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-24070 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-24069 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-24068 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Web Apps
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-24067 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-1733 HIGH PATCH This Week

Sysinternals PsExec Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Psexec
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1727 HIGH PATCH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-1698 HIGH PATCH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-21066 HIGH PATCH This Week

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2021-21065 HIGH PATCH This Week

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.0
7.8
EPSS
3.4%
CVE-2021-24111 HIGH PATCH This Week

.NET Framework Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Framework
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-24086 HIGH PATCH This Week

Windows TCP/IP Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
59.0%
CVE-2021-1734 HIGH PATCH This Week

Windows Remote Procedure Call Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-24087 HIGH PATCH This Week

Azure IoT CLI extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-1639 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Visual Studio 2017 Visual Studio 2019 Visual Studio Code
NVD
CVSS 3.1
7.0
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy