Skip to main content
CVE-2021-34473 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains a pre-authentication SSRF vulnerability known as 'ProxyShell' that allows unauthenticated attackers to access Exchange backend services and achieve remote code execution when chained with CVE-2021-34523 and CVE-2021-31207.

NVD
CVSS 3.1
9.1
EPSS
94.2%
Threat
9.6
CVE-2021-34523 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains a privilege escalation vulnerability in the PowerShell backend that allows authenticated Exchange users to escalate to Exchange admin, the second component of the ProxyShell attack chain.

NVD
CVSS 3.1
9.0
EPSS
93.9%
Threat
9.6
CVE-2021-35211 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption RCE Serv U
NVD
CVSS 3.1
10.0
EPSS
91.2%
CVE-2021-25953 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Putil Merge
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-34173 HIGH POC This Week

An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Esp32 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-23407 HIGH POC PATCH This Week

This affects the package elFinder.Net.Core from 0 and before 1.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Elfinder Net Core
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-33766 HIGH POC KEV PATCH THREAT This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
7.3
EPSS
97.5%
CVE-2021-33213 MEDIUM POC This Month

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Http Commander
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-33211 MEDIUM POC This Month

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Http Commander
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-33678 MEDIUM POC This Month

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-0515 CRITICAL Act Now

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-33212 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http Commander
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22779 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect Modicon M580 Bmep581020 Firmware +28
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2021-34525 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-34508 HIGH PATCH This Week

Windows Kernel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-34494 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-33780 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-33756 HIGH PATCH This Week

Windows DNS Snap-in Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-33752 HIGH PATCH This Week

Windows DNS Snap-in Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-33750 HIGH PATCH This Week

Windows DNS Snap-in Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-33749 HIGH PATCH This Week

Windows DNS Snap-in Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-0592 HIGH This Week

In various functions in WideVine, there are possible out of bounds writes due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-33671 HIGH This Week

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Guided Procedures
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-20782 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Software License Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-20781 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-34174 MEDIUM POC This Month

A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Broadcom Bcm4352 Firmware Bcm43684 Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-34469 HIGH PATCH This Week

Microsoft Office Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Office
NVD
CVSS 3.1
8.2
EPSS
3.3%
CVE-2021-33767 HIGH PATCH This Week

Open Enclave SDK Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Open Enclave Software Development Kit
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2021-34520 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2021-34492 HIGH PATCH This Week

Windows Certificate Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2021-33786 HIGH PATCH This Week

Windows LSA Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2021-33781 HIGH PATCH This Week

Azure AD Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-33779 HIGH PATCH This Week

Windows AD FS Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-0514 HIGH This Week

In several functions of the V8 library, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Denial Of Service Race Condition Android
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-34474 HIGH PATCH This Week

Dynamics Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

RCE Dynamics 365 Business Central
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2021-34470 HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
3.3%
CVE-2021-33768 HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
1.2%
CVE-2021-33754 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2021-33746 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2021-0594 HIGH This Week

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.0
EPSS
1.4%
CVE-2021-34529 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2021-34528 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-34522 HIGH PATCH This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-34521 HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-34518 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Web Apps Server
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-34516 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-34514 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-34513 HIGH PATCH This Week

Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-34512 HIGH PATCH This Week

Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-34511 HIGH PATCH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows Server 2008 +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy