ACT NOW
CVE-2021-26411
8.8
Internet Explorer contains a memory corruption vulnerability exploited by the Lazarus Group (North Korea) in campaigns targeting security researchers via social engineering and malicious websites in early 2021.
|
ACT NOW
CVE-2021-27065
7.8
Microsoft Exchange Server allows post-authentication arbitrary file write that enables web shell deployment, the primary persistence mechanism in the ProxyLogon attack chain responsible for compromising 250,000+ servers.
|
ACT NOW
CVE-2021-26858
7.8
Microsoft Exchange Server allows authenticated attackers to write arbitrary files to the server filesystem, the third component of the ProxyLogon exploit chain enabling web shell deployment.
|
ACT NOW
CVE-2021-26857
7.8
Microsoft Exchange Server Unified Messaging service contains a deserialization vulnerability that allows authenticated attackers to execute code as SYSTEM, part of the ProxyLogon exploit chain.
|
ACT NOW
CVE-2021-26855
9.1
Microsoft Exchange Server contains a server-side request forgery (SSRF) vulnerability known as 'ProxyLogon' that allows unauthenticated attackers to access Exchange backend services, chain with other vulnerabilities for full server compromise. The most impactful Exchange vulnerability in history.
|
ACT NOW
CVE-2021-1732
7.8
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by the Bitter APT group in February 2021 for targeted espionage operations.
|
ACT NOW
CVE-2021-21974
8.8
VMware ESXi versions 7.0 before U1c, 6.7 before specific patches, and 6.5 before specific patches contain a heap overflow in the OpenSLP service accessible on port 427. An attacker on the same network segment can trigger remote code execution on the ESXi hypervisor, compromising all virtual machines hosted on the server.
|
Today's Vulnerabilities Vulnerabilities
Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
CVEs published in review
Get CVEs that hit your stack — not 200/day
Pick your technologies, get a weekly digest by email. Free, no spam.
React
Python
Postgres
+200 more
React
Next.js
Python
Postgres
AWS
+200 more
Trending Now
See all
Critical Watch
See all
KEV
POC
CVSS
No critical watch entries today
Vendor Today – Quick Filter
Techniques
POC
CISA KEV
PATCH
UNPATCHED
results
Sort:
Base Score
Vector String
Attack Vector (AV)
Attack Complexity (AC)
Privileges Required (PR)
User Interaction (UI)
Scope (S)
Confidentiality (C)
Integrity (I)
Availability (A)
0
|
3.9|
6.9|
8.9|
10
NONE
LOW
MEDIUM
HIGH
CRITICAL
CVSS Filter
– CVEs match
No CVEs match the selected criteria
Loading...
Incoming
20
Pre-NVD – not yet scored
No vulnerabilities found for this date.
Data may not have been fetched yet.
Live Feed
auto-refresh 60s
Track CVEs for your stack
Sign up free →