Skip to main content
CVE-2021-27065 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server allows post-authentication arbitrary file write that enables web shell deployment, the primary persistence mechanism in the ProxyLogon attack chain responsible for compromising 250,000+ servers.

NVD Exploit-DB
CVSS 3.1
7.8
EPSS
94.3%
Threat
9.4
CVE-2021-26858 HIGH KEV PATCH THREAT Act Now

Microsoft Exchange Server allows authenticated attackers to write arbitrary files to the server filesystem, the third component of the ProxyLogon exploit chain enabling web shell deployment.

NVD
CVSS 3.1
7.8
EPSS
53.0%
CVE-2021-26857 HIGH KEV PATCH THREAT Act Now

Microsoft Exchange Server Unified Messaging service contains a deserialization vulnerability that allows authenticated attackers to execute code as SYSTEM, part of the ProxyLogon exploit chain.

NVD
CVSS 3.1
7.8
EPSS
40.5%
CVE-2021-22884 HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js Fedora Active Iq Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
32.4%
CVE-2021-26813 HIGH POC PATCH This Week

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Markdown2 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-21979 HIGH POC This Week

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP Authentication Bypass Containers
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2021-27927 HIGH PATCH This Week

In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Zabbix
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-20076 HIGH This Week

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Tenable Sc
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-20233 HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2021-22863 HIGH This Week

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Github
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-22683 HIGH This Week

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-22670 HIGH This Week

An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-22666 HIGH This Week

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-22662 HIGH This Week

A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-22638 HIGH This Week

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-25315 HIGH PATCH This Week

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Salt
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-27935 HIGH PATCH This Week

An issue was discovered in AdGuard before 0.105.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Adguard Home
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2021-22883 HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora E Series Performance Analyzer +6
NVD
CVSS 3.1
7.5
EPSS
77.4%
CVE-2021-20442 HIGH PATCH This Week

IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Verify Bridge
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-27923 HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-27922 HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2021-27921 HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy