Skip to main content
CVE-2021-26855 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains a server-side request forgery (SSRF) vulnerability known as 'ProxyLogon' that allows unauthenticated attackers to access Exchange backend services, chain with other vulnerabilities for full server compromise. The most impactful Exchange vulnerability in history.

NVD Exploit-DB
CVSS 3.1
9.1
EPSS
94.0%
Threat
9.6
CVE-2021-21978 CRITICAL POC THREAT Emergency

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload VMware View Planner
NVD
CVSS 3.1
9.8
EPSS
99.0%
CVE-2021-27215 CRITICAL POC PATCH Act Now

An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Genuagate
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-27931 CRITICAL POC THREAT Act Now

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Lumis Experience Platform
NVD GitHub
CVSS 3.1
9.1
EPSS
18.6%
CVE-2021-21353 CRITICAL POC PATCH Act Now

Pug is an npm package which is a high-performance template engine. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Node.js Pug Pug Code Gen
NVD GitHub
CVSS 3.1
9.0
EPSS
4.3%
CVE-2021-22681 CRITICAL KEV THREAT Act Now

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Factorytalk Services Platform Rslogix 5000 Studio 5000 Logix Designer
NVD
CVSS 3.1
9.8
EPSS
25.5%
CVE-2021-21352 CRITICAL PATCH Act Now

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Time Tracker
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2021-27078 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.1
EPSS
18.3%
CVE-2021-26412 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.1
EPSS
30.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy