Skip to main content
CVE-2021-34473 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains a pre-authentication SSRF vulnerability known as 'ProxyShell' that allows unauthenticated attackers to access Exchange backend services and achieve remote code execution when chained with CVE-2021-34523 and CVE-2021-31207.

NVD
CVSS 3.1
9.1
EPSS
94.2%
Threat
9.6
CVE-2021-34523 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains a privilege escalation vulnerability in the PowerShell backend that allows authenticated Exchange users to escalate to Exchange admin, the second component of the ProxyShell attack chain.

NVD
CVSS 3.1
9.0
EPSS
93.9%
Threat
9.6
CVE-2021-35211 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption RCE Serv U
NVD
CVSS 3.1
10.0
EPSS
91.2%
CVE-2021-25953 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Putil Merge
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-0515 CRITICAL Act Now

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-22779 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect Modicon M580 Bmep581020 Firmware +28
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy