Skip to main content
CVE-2021-1675 HIGH POC KEV PATCH THREAT Act Now

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
86.1%
CVE-2021-28293 CRITICAL POC Act Now

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aisiem
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-22214 HIGH POC THREAT This Week

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.6
EPSS
27.8%
CVE-2021-31950 HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft SSRF Sharepoint Foundation Sharepoint Server
NVD Exploit-DB
CVSS 3.1
7.6
EPSS
4.6%
CVE-2021-23392 HIGH POC PATCH This Week

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Locutus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-31807 MEDIUM POC PATCH THREAT This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Squid Fedora Cloud Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
16.0%
CVE-2021-31738 MEDIUM POC This Month

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Loganalyzer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26473 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26472 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft PHP Command Injection Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-26471 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32673 CRITICAL PATCH Act Now

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Reg Keygen Git Hash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3564 MEDIUM POC This Month

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-31962 CRITICAL PATCH Act Now

Kerberos AppContainer Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
9.4
EPSS
3.8%
CVE-2021-32106 MEDIUM POC PATCH This Month

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Icecoder
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-33712 HIGH This Week

A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Saml
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-31343 HIGH This Week

The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-31342 HIGH This Week

The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26474 HIGH This Week

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bdr Suite Offsite Dr
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-32674 HIGH PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Zope
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-23169 HIGH This Week

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openexr Fedora
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-31977 HIGH PATCH This Week

Windows Hyper-V Denial of Service Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Microsoft Denial Of Service Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2021-32658 MEDIUM POC PATCH This Month

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-33739 HIGH KEV PATCH THREAT This Week

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1909 Windows 10 2004 Windows 10 20H2 +3
NVD
CVSS 3.1
8.4
EPSS
6.6%
CVE-2021-33741 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.2
EPSS
2.7%
CVE-2021-31980 HIGH PATCH This Week

Microsoft Intune Management Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Intune Management Extension
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-31985 HIGH PATCH This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
7.8%
CVE-2021-31983 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-31973 HIGH PATCH This Week

Windows GPSVC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-31969 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-31967 HIGH PATCH This Week

VP9 Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Vp9 Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-31956 HIGH KEV PATCH THREAT This Week

Windows NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
20.1%
CVE-2021-31954 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-31953 HIGH PATCH This Week

Windows Filter Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-31952 HIGH PATCH This Week

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-31951 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-31946 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-31945 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-31943 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-31942 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-31941 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Outlook
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-31940 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-31939 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
13.3%
CVE-2021-27399 HIGH PATCH This Week

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-27390 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-27387 HIGH PATCH This Week

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-34280 HIGH This Week

Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption RCE Polaris Office
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-22550 HIGH PATCH This Week

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Memory Corruption Information Disclosure Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-22549 HIGH PATCH This Week

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Memory Corruption Information Disclosure Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-22548 HIGH PATCH This Week

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-31964 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy