Skip to main content
CVE-2021-40462 HIGH PATCH This Week

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 11 21H2 +4
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-40450 HIGH KEV PATCH THREAT This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1809 Windows 10 1909 Windows 10 2004 Windows 10 20H2 +6
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-40443 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-26441 HIGH PATCH This Week

Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 11 Windows 8 1 Windows Rt 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-40463 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 21H2 Windows 8 1 +5
NVD
CVSS 3.1
7.7
EPSS
2.4%
CVE-2021-40484 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2021-40483 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2021-39304 HIGH This Week

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Protection
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-34814 HIGH This Week

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spam Engine
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-41352 HIGH PATCH This Week

SCOM Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure System Center Operations Manager
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-40476 HIGH PATCH This Week

Windows AppContainer Elevation Of Privilege Vulnerability. Rated high severity (CVSS 7.5). This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-36953 HIGH PATCH This Week

Windows TCP/IP Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2021-34453 HIGH PATCH This Week

Microsoft Exchange Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Exchange Server
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-20833 HIGH This Week

The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Snkrdunk
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-40457 HIGH PATCH This Week

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.1
7.4
EPSS
1.5%
CVE-2021-40843 HIGH This Week

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Deserialization RCE Insider Threat Management Server
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-40469 HIGH PATCH This Week

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.2
EPSS
6.9%
CVE-2021-40481 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.1
EPSS
5.6%
CVE-2021-41334 HIGH PATCH This Week

Windows Desktop Bridge Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-26442 HIGH PATCH This Week

Windows HTTP.sys Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2021-41342 MEDIUM PATCH This Month

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2021-22036 MEDIUM This Month

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Information Disclosure VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20804 MEDIUM This Month

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Remote Service Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20801 MEDIUM This Month

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XXE Remote Service Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20796 MEDIUM This Month

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Remote Service Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-41350 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-41332 MEDIUM PATCH This Month

Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-40460 MEDIUM PATCH This Month

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-41139 MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-40732 MEDIUM This Month

XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-20834 MEDIUM This Month

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Nike
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-20807 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20806 MEDIUM This Month

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Remote Service Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41355 MEDIUM PATCH This Month

.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Net Powershell Visual Studio 2019
NVD
CVSS 3.1
5.7
EPSS
20.3%
CVE-2021-41343 MEDIUM PATCH This Month

Windows Fast FAT File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-41338 MEDIUM PATCH This Month

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
3.2%
CVE-2021-41336 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 11 Windows Server 2022
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40475 MEDIUM PATCH This Month

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40472 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +3
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40468 MEDIUM PATCH This Month

Windows Bind Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40455 MEDIUM PATCH This Month

Windows Installer Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-40454 MEDIUM PATCH This Month

Rich Text Edit Control Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure 365 Apps Office Windows 10 Windows 11 +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-38663 MEDIUM PATCH This Month

Windows exFAT File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-38662 MEDIUM PATCH This Month

Windows Fast FAT File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-20805 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20803 MEDIUM This Month

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20800 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20799 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20798 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20797 MEDIUM This Month

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy