Skip to main content
CVE-2021-1675 HIGH POC KEV PATCH THREAT Act Now

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
86.1%
CVE-2021-22214 HIGH POC THREAT This Week

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.6
EPSS
27.8%
CVE-2021-31950 HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft SSRF Sharepoint Foundation Sharepoint Server
NVD Exploit-DB
CVSS 3.1
7.6
EPSS
4.6%
CVE-2021-23392 HIGH POC PATCH This Week

The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Locutus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-33712 HIGH This Week

A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Saml
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-31343 HIGH This Week

The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-31342 HIGH This Week

The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-26474 HIGH This Week

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bdr Suite Offsite Dr
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-32674 HIGH PATCH This Week

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Zope
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-23169 HIGH This Week

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openexr Fedora
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-31977 HIGH PATCH This Week

Windows Hyper-V Denial of Service Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Microsoft Denial Of Service Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2021-33739 HIGH KEV PATCH THREAT This Week

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1909 Windows 10 2004 Windows 10 20H2 +3
NVD
CVSS 3.1
8.4
EPSS
6.6%
CVE-2021-33741 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.2
EPSS
2.7%
CVE-2021-31980 HIGH PATCH This Week

Microsoft Intune Management Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Intune Management Extension
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-31985 HIGH PATCH This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
7.8%
CVE-2021-31983 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-31973 HIGH PATCH This Week

Windows GPSVC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-31969 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-31967 HIGH PATCH This Week

VP9 Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Vp9 Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-31956 HIGH KEV PATCH THREAT This Week

Windows NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
20.1%
CVE-2021-31954 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-31953 HIGH PATCH This Week

Windows Filter Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-31952 HIGH PATCH This Week

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-31951 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-31946 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-31945 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-31943 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-31942 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-31941 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Outlook
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-31940 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-31939 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
13.3%
CVE-2021-27399 HIGH PATCH This Week

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-27390 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-27387 HIGH PATCH This Week

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-34280 HIGH This Week

Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption RCE Polaris Office
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-22550 HIGH PATCH This Week

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Memory Corruption Information Disclosure Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-22549 HIGH PATCH This Week

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Memory Corruption Information Disclosure Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-22548 HIGH PATCH This Week

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-31964 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2021-31948 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2021-33742 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption RCE Windows 10 1507 +13
NVD
CVSS 3.1
7.5
EPSS
59.1%
CVE-2021-31976 HIGH PATCH This Week

Server for NFS Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-31975 HIGH PATCH This Week

Server for NFS Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-31974 HIGH PATCH This Week

Server for NFS Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.5
EPSS
6.7%
CVE-2021-31968 HIGH PATCH This Week

Windows Remote Desktop Services Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-31958 HIGH PATCH This Week

Windows NTLM Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-31340 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Simatic Rf166C Firmware Simatic Rf185C Firmware Simatic Rf186C Firmware Simatic Rf186Ci Firmware +21
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33571 HIGH PATCH This Week

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Python SSRF Django Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-33176 HIGH This Week

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Vernemq
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-33175 HIGH PATCH This Week

EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Denial Of Service Emq X Broker
NVD
CVSS 3.1
7.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy