Skip to main content
CVE-2021-42321 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
8.8
EPSS
90.4%
CVE-2021-40519 CRITICAL POC Act Now

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
10.0
EPSS
1.1%
CVE-2021-33816 CRITICAL POC PATCH Act Now

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Dolibarr Erp Crm
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-40520 CRITICAL POC Act Now

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-40521 CRITICAL POC Act Now

Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2021-43136 CRITICAL POC THREAT Act Now

An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Formalms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
15.7%
CVE-2021-43523 CRITICAL POC PATCH Act Now

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Uclibc Uclibc Ng
NVD GitHub
CVSS 3.1
9.6
EPSS
3.3%
CVE-2021-41426 HIGH POC This Week

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Smart Box Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-37158 HIGH POC This Week

An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Opengamepanel
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-37157 HIGH POC PATCH This Week

An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opengamepanel
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-39474 HIGH POC This Week

Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ubc1319 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2021-3380 MEDIUM POC This Month

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H8 Ssrms
NVD Exploit-DB VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-40518 MEDIUM POC This Month

Airangel HSMX Gateway devices through 5.2.04 allow CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-41349 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
93.9%
CVE-2021-33618 MEDIUM POC THREAT This Month

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
79.3%
CVE-2021-41038 MEDIUM POC PATCH This Month

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Theia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-41427 MEDIUM POC This Month

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smart Box Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-3064 CRITICAL Act Now

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Stack Overflow Pan Os
NVD
CVSS 3.1
9.8
EPSS
19.1%
CVE-2021-40517 MEDIUM POC This Month

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-26443 CRITICAL PATCH Act Now

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
9.0
EPSS
1.5%
CVE-2021-22048 HIGH PATCH This Week

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Privilege Escalation VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2021-3062 HIGH This Week

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-3056 HIGH This Week

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-43563 HIGH PATCH This Week

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Pixx Io
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-40502 HIGH This Week

SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-43562 HIGH PATCH This Week

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

RCE SSRF Pixx Io
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-42316 HIGH PATCH This Week

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-42283 HIGH PATCH This Week

NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 11 Windows 7 Windows Rt 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-42275 HIGH PATCH This Week

Microsoft COM for Windows Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-38666 HIGH PATCH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
12.9%
CVE-2021-3060 HIGH This Week

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection Paloalto Prisma Access Pan Os
NVD
CVSS 3.1
8.1
EPSS
33.9%
CVE-2021-3059 HIGH This Week

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-40501 HIGH This Week

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Abap Platform Kernel
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-42296 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Microsoft RCE Code Injection 365 Apps Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-32023 HIGH This Week

An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Protect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32021 HIGH This Week

A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Protect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-40503 HIGH This Week

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft SAP Gui For Windows
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31853 HIGH This Week

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Drive Encryption
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-43209 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2021-43208 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2021-42322 HIGH PATCH This Week

Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-42298 HIGH PATCH This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2021-42292 HIGH KEV PATCH THREAT This Week

Microsoft Excel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
31.9%
CVE-2021-42286 HIGH PATCH This Week

Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42285 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-42276 HIGH PATCH This Week

Microsoft Windows Media Foundation Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-41378 HIGH PATCH This Week

Windows NTFS Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-41377 HIGH PATCH This Week

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41370 HIGH PATCH This Week

NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41367 HIGH PATCH This Week

NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy