Skip to main content
CVE-2021-31207 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft Exchange Server Security Feature Bypass Vulnerability

NVD
CVSS 3.1
6.6
EPSS
93.8%
Threat
9.1
CVE-2021-31181 HIGH POC PATCH THREAT Act Now

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
30.0%
CVE-2021-32605 CRITICAL POC Act Now

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zzzphp
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-31166 CRITICAL POC KEV PATCH THREAT Act Now

HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 10 2004 Windows 10 20H2 +2
NVD GitHub
CVSS 3.1
9.8
EPSS
99.7%
CVE-2021-29508 CRITICAL POC Act Now

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Microsoft Wire
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-26419 HIGH POC PATCH THREAT This Week

Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
22.6%
CVE-2021-31195 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Authentication Bypass Exchange Server
NVD
CVSS 3.1
6.5
EPSS
73.7%
CVE-2021-32560 MEDIUM POC PATCH This Month

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-31537 MEDIUM POC This Month

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sis Rewe Go
NVD
CVSS 3.1
6.1
EPSS
7.8%
CVE-2021-32561 MEDIUM POC PATCH This Month

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Octoprint
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-21990 MEDIUM POC This Month

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS VMware Workspace One Unified Endpoint Management
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28476 CRITICAL PATCH Act Now

Windows Hyper-V Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
9.9
EPSS
38.6%
CVE-2021-32089 CRITICAL Act Now

An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE File Upload Fx9500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-31915 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-31914 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-31897 CRITICAL Act Now

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webstorm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31909 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-32563 CRITICAL PATCH Act Now

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Thunar
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-24588 LOW POC CISA Monitor

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ieee 802 11 Mac80211 Windows 10 Windows 7 +177
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.3%
Threat
4.2
CVE-2021-32604 MEDIUM POC This Month

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Serv U
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-31194 HIGH PATCH This Week

OLE Automation Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-28474 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
50.6%
CVE-2021-28455 HIGH PATCH This Week

Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE 365 Apps Office Windows 10 +7
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-27068 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Visual Studio 2019
NVD
CVSS 3.1
8.8
EPSS
53.6%
CVE-2021-32573 MEDIUM POC This Month

The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js XSS Express Cart
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-31912 HIGH This Week

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31899 HIGH This Week

In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Code With Me
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-26144 MEDIUM CISA This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Galaxy I9305 Firmware C 250 Firmware C 260 Firmware +15
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-26143 MEDIUM CISA This Month

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware C 75 Firmware O 90 Firmware +3
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-26141 MEDIUM CISA This Month

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware Meraki Gr10 Firmware Meraki Gr60 Firmware +92
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-26140 MEDIUM CISA This Month

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware Scalance W1748 1 Firmware Scalance W1750D Firmware +191
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-32606 HIGH PATCH This Week

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Privilege Escalation Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31214 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-31213 HIGH PATCH This Week

Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Remote
NVD
CVSS 3.1
7.8
EPSS
52.8%
CVE-2021-31211 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-31208 HIGH PATCH This Week

Windows Container Manager Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-31198 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2021-31193 HIGH PATCH This Week

Windows SSDP Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-31192 HIGH PATCH This Week

Windows Media Foundation Core Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-31190 HIGH PATCH This Week

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-31188 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption Information Disclosure Windows 10 +7
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-31187 HIGH PATCH This Week

Windows WalletService Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-31180 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Word
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-31179 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
13.5%
CVE-2021-31177 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +5
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2021-31176 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2021-31175 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2021-31170 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption Information Disclosure Windows 10 +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-31169 HIGH PATCH This Week

Windows Container Manager Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-31168 HIGH PATCH This Week

Windows Container Manager Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
1.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy