ACT NOW
CVE-2021-27065
7.8
Microsoft Exchange Server allows post-authentication arbitrary file write that enables web shell deployment, the primary persistence mechanism in the ProxyLogon attack chain responsible for compromising 250,000+ servers.
|
ACT NOW
CVE-2021-26858
7.8
Microsoft Exchange Server allows authenticated attackers to write arbitrary files to the server filesystem, the third component of the ProxyLogon exploit chain enabling web shell deployment.
|
ACT NOW
CVE-2021-26857
7.8
Microsoft Exchange Server Unified Messaging service contains a deserialization vulnerability that allows authenticated attackers to execute code as SYSTEM, part of the ProxyLogon exploit chain.
|
ACT NOW
CVE-2021-26855
9.1
Microsoft Exchange Server contains a server-side request forgery (SSRF) vulnerability known as 'ProxyLogon' that allows unauthenticated attackers to access Exchange backend services, chain with other vulnerabilities for full server compromise. The most impactful Exchange vulnerability in history.
|
ACT NOW
CVE-2021-1732
7.8
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by the Bitter APT group in February 2021 for targeted espionage operations.
|
ACT NOW
CVE-2021-21974
8.8
VMware ESXi versions 7.0 before U1c, 6.7 before specific patches, and 6.5 before specific patches contain a heap overflow in the OpenSLP service accessible on port 427. An attacker on the same network segment can trigger remote code execution on the ESXi hypervisor, compromising all virtual machines hosted on the server.
|
Today's Vulnerabilities Vulnerabilities
Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
CVEs published in review
Track vulnerabilities that matter to your stack
Personalized alerts, dashboards, and weekly digests – free.
Trending Now
🚨
GHSA
MAL
CVSS
NEWS
No trending vulnerabilities right now
Critical Watch
KEV
POC
CVSS
No critical watch entries today
Vendor Today – Quick Filter
Techniques
POC
CISA KEV
PATCH
UNPATCHED
results
Sort:
Base Score
Vector String
Attack Vector (AV)
Attack Complexity (AC)
Privileges Required (PR)
User Interaction (UI)
Scope (S)
Confidentiality (C)
Integrity (I)
Availability (A)
0
|
3.9|
6.9|
8.9|
10
NONE
LOW
MEDIUM
HIGH
CRITICAL
CVSS Filter
– CVEs match
No CVEs match the selected criteria
Loading...
No vulnerabilities found for this date.
Data may not have been fetched yet.
Live Feed
auto-refresh 60s
KEV
POC
No new CVEs in the last 2 hours. Check back soon.