Skip to main content
CVE-2021-28481 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.8
EPSS
36.5%
CVE-2021-28480 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2021-30175 CRITICAL POC Act Now

ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.5%
CVE-2021-27905 CRITICAL POC PATCH THREAT Act Now

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Solr
NVD
CVSS 3.1
9.8
EPSS
93.1%
CVE-2021-29003 CRITICAL POC THREAT Act Now

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Platinum 4410 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
45.4%
CVE-2021-29428 HIGH POC PATCH This Week

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Microsoft Privilege Escalation Java Gradle +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-21784 HIGH POC This Week

An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-21399 HIGH POC This Week

Ampache is a web based audio/video streaming application and file manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ampache
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29440 HIGH POC PATCH THREAT This Week

Grav is a file based Web-platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Grav
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
30.6%
CVE-2021-29427 HIGH POC This Week

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gradle Quarkus
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-22720 HIGH POC THREAT This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal C Bus Toolkit
NVD
CVSS 3.1
7.2
EPSS
30.5%
CVE-2021-28459 MEDIUM POC PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft XSS Azure Devops Server
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-23281 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Intelligent Power Manager
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2021-23279 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
10.0
EPSS
27.1%
CVE-2021-23277 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2021-27602 CRITICAL Act Now

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Commerce
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2021-23280 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2021-3460 CRITICAL Act Now

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mh702X Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-0430 CRITICAL PATCH Act Now

In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-29999 CRITICAL Act Now

An issue was discovered in Wind River VxWorks through 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-29998 CRITICAL Act Now

An issue was discovered in Wind River VxWorks before 6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks Ruggedcom Win Subscriber Station Firmware Scalance X200 4 P Irt Firmware +33
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-21730 CRITICAL Act Now

A ZTE product is impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-30176 CRITICAL Act Now

The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Expert
NVD GitHub
CVSS 3.1
9.8
EPSS
29.0%
CVE-2021-22505 CRITICAL Act Now

Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Operations Agent
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-30503 CRITICAL PATCH Act Now

The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Glsl Linting
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-23278 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2021-30637 MEDIUM POC This Month

htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Htmly
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2021-30044 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30042 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30039 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30034 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30030 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-29943 CRITICAL PATCH Act Now

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Solr
NVD
CVSS 3.1
9.1
EPSS
5.3%
CVE-2021-28483 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.0
EPSS
1.2%
CVE-2021-28973 MEDIUM POC This Month

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Helix Alm
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-28482 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
8.8
EPSS
83.3%
CVE-2021-28434 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28358 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28357 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28356 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-28355 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28354 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28353 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28352 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28346 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28345 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28344 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-28343 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28342 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-28341 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy