Skip to main content
CVE-2021-28141 CRITICAL POC Act Now

An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Telerik Ui For Asp Net Ajax
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-28132 CRITICAL POC Act Now

LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Security Awareness
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-28134 CRITICAL POC PATCH Act Now

Clipper before 1.0.5 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Clipper
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-27080 CRITICAL POC PATCH Act Now

Azure Sphere Unsigned Code Execution Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Azure Sphere
NVD
CVSS 3.1
9.3
EPSS
1.2%
CVE-2021-28154 CRITICAL POC Act Now

Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Modeler
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-28144 HIGH POC PATCH This Week

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 3060 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-28143 HIGH POC PATCH THREAT This Week

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

D-Link Command Injection Dir 841 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
32.0%
CVE-2021-26868 HIGH POC PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2021-26863 HIGH POC PATCH THREAT This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
12.2%
CVE-2021-21363 HIGH POC PATCH This Week

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Swagger Codegen
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-26411 HIGH KEV PATCH THREAT Act Now

Internet Explorer contains a memory corruption vulnerability exploited by the Lazarus Group (North Korea) in campaigns targeting security researchers via social engineering and malicious websites in early 2021.

NVD
CVSS 3.1
8.8
EPSS
92.5%
CVE-2021-27074 MEDIUM POC PATCH This Month

Azure Sphere Unsigned Code Execution Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Azure Sphere
NVD
CVSS 3.1
6.2
EPSS
1.0%
CVE-2021-26867 CRITICAL PATCH Act Now

Windows Hyper-V Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016
NVD
CVSS 3.1
9.9
EPSS
2.6%
CVE-2021-22714 CRITICAL Act Now

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Powerlogic Ion7400 Firmware Powerlogic Pm8000 Firmware Powerlogic Ion9000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-26897 CRITICAL PATCH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
13.9%
CVE-2021-26895 CRITICAL PATCH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2021-26894 CRITICAL PATCH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2021-26893 CRITICAL PATCH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2021-26877 CRITICAL PATCH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
19.3%
CVE-2021-28088 MEDIUM POC This Month

Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Impresscms
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-27679 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Batflat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27678 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Batflat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27677 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Batflat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-26776 MEDIUM POC This Month

CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Csz Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-28153 MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glib Brocade Fabric Operating System Firmware Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2021-27085 HIGH KEV PATCH THREAT This Week

Internet Explorer Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Internet Explorer
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-27076 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Business Productivity Servers Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
14.4%
CVE-2021-26876 HIGH PATCH This Week

OpenType Font Parsing Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26865 HIGH PATCH This Week

Windows Container Execution Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-26864 HIGH PATCH This Week

Windows Virtual Registry Provider Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2021-21381 HIGH PATCH This Week

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Flatpak Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.2
EPSS
1.5%
CVE-2021-21378 HIGH PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
8.2
EPSS
1.7%
CVE-2021-22712 HIGH PATCH This Week

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-22711 HIGH PATCH This Week

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-22710 HIGH PATCH This Week

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-22709 HIGH PATCH This Week

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-27084 HIGH PATCH This Week

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Java Maven For Java
NVD
CVSS 3.1
7.8
EPSS
61.4%
CVE-2021-27083 HIGH PATCH This Week

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Remote Development
NVD
CVSS 3.1
7.8
EPSS
63.4%
CVE-2021-27082 HIGH PATCH This Week

Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Quantum Development Kit
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2021-27081 HIGH PATCH This Week

Visual Studio Code ESLint Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Eslint
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-27077 HIGH PATCH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-27062 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE High Efficiency Video Coding
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-27061 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE High Efficiency Video Coding
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2021-27060 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-27058 HIGH PATCH This Week

Microsoft Office ClickToRun Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2021-27057 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-27056 HIGH PATCH This Week

Microsoft PowerPoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Powerpoint
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-27054 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-27053 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-27051 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE High Efficiency Video Coding
NVD
CVSS 3.1
7.8
EPSS
2.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy