Critical Vulnerabilities

SOCRadar, the extended cyber threat intelligence (XTI) platform, provides vulnerability intelligence that security operations teams can use to search for recent critical vulnerabilities exploited in the wild by threat actors. SOCRadar also provides an External Attack Surface Management suite that helps cybersecurity teams identify vulnerable assets in their internet-facing network. Below, we select and display critical vulnerabilities that are popular in the hacker community.

Vulnerability Exploitation Status CVSSv3 Release Date Products References
Zero-Day Remote Code Execution Vulnerability in Palo Alto Firewalls Utilising the GlobalProtect VPN Component
CVE-2021-3064
Unknown 9.8 Nov 10, 2021 Palo Alto Firewall Operating System PAN-OS 8.1 prior to 8.1.17 Link
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability discovered by MSTIC
CVE-2021-42321
Exploited in the Tianfu Cup 8.8 Nov 9, 2021 Microsoft Exchange Server Link
Microsoft Excel Security Feature Bypass Vulnerability discovered by MSTIC
CVE-2021-42292
In-the-wild 7.8 Nov 9, 2021 Microsoft Office Link
Critical Citrix Unauthenticated Denial of Service (DDoS) Bug Shutting Down Network, Cloud App Access
CVE-2021-22955
Ongoing exploitation N/A Nov 9, 2021 Citrix ADC | Citrix Gateway Link
Critical Remote Code Execution (RCE) in the Transparent Inter Process Communication (TIPC) Module of the Linux Kernel
CVE-2021-43267
Unknown 9.8 Nov 2, 2021 Linux Kernel Versions between 5.10 and 5.15 Link
Google Android Zero-Day Use-After-Free (UAF) Bug Leading to a Local Escalation of Privilege in the Kernel
CVE-2021-1048
In-the-wild 7.8 Nov 1, 2021 Android Kernel Link
‘Trojan Source’ Bugs of Unicode Bidirectional Algorithm (BiDi)
CVE-2021-42574 | CVE-2021-42694
POC Exploit Code Available 9.8 Nov 1, 2021 Unicode Bidirectional Algorithm (BiDi) through Version 14.0 Link
Cisco SD-WAN High-Severity Privilege Escalation Vulnerability Leading to Arbitrary Code Execution in the IOS XE Operating System
CVE-2021-1529
Unknown 7.8 Oct 20, 2021 Cisco IOS XE Software | Cisco IOS XE SD-WAN Software Link
RCE Vulnerability in The Trial Version of WinRAR
CVE-2021-35052
Unknown N/A Oct 20, 2021 WinRAR Version 5.70 Link
Google Chrome Critical Heap-Buffer-Overflow and Use-After-Free (UAF) Vulnerabilities
CVE-2021-37981 | CVE-2021-37984 | CVE-2021-37982 | CVE-2021-37983 | CVE-2021-37985
Unknown N/A Oct 19, 2021 Google Chrome Link
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability found by NSA
CVE-2021-26427
Unknown 9.0 Oct 12, 2021 Microsoft Exchange Server Link
Windows Win32k Elevation of Privilege Zero-Day Vulnerability Used By MysterySnail RAT
CVE-2021-40449
In-the-wild 7.8 Oct 12, 2021 All Supported Versions of Windows Link
RCE Vulnerabilities on Microsoft SharePoint and Windows DNS Servers
CVE-2021-40487 | CVE-2021-40469
Unknown 8.1 Oct 12, 2021 Microsoft SharePoint Versions | Windows DNS Server Versions Link Link
Apple iOS Remote Code Execution (RCE) Zero-Day Bug
CVE-2021-30883
In-the-wild N/A Oct 11, 2021 iOS 15.0.2 and iPadOS 15.0.2 Link
Path Traversal Zero Day and File Disclosure Vulnerability in Apache HTTP Server
CVE-2021-41773 | CVE-2021-42013
In-the-wild 7.5 Oct 4, 2021 Apache HTTP Server 2.4.49 Link
Second Pair of Google Chrome Use-after-free Zero Day Bugs in September
CVE-2021-37975 | CVE-2021-37976
In-the-wild N/A Sep 30, 2021 Google Chrome Link
Unpatched Stored XSS Zero-Day Vulnerability in Apple AirTag
N/A
Unknown N/A Sep 29, 2021 Apple AirTag Link
Cisco Unauthenticated Remote-code-execution (RCE) and Denial-of-service (DoS) Vulnerability
CVE-2021-34770
Unknown 10 Sep 22, 2021 Cisco Catalyst 9000 Family of Wireless Controllers Link
Critical Software-buffer-overflow and Authentication-bypass Bugs in Cisco
CVE-2021-34727 | CVE-2021-1619
Unknown 9.8 Sep 22, 2021 Cisco SD-WAN Software | Cisco IOS XE Software Link Link
VMware Ransomware-Friendly Arbitrary File Upload Bug in vCenter Server
CVE-2021-22005
POC exploit code available 9.8 Sep 21, 2021 VMware vCenter Server Link
Zero-day Security Vulnerability in Apple’s macOS Finder System
No CVE assigned
Unknown N/A Sep 21, 2021 macOS Big Sur and Prior Link
Netgear SOHO Security Bug Allowing RCE via a Man-in-the-Middle (MitM) Attack
CVE-2021-40847
POC exploit code available 8.1 Sep 20, 2021 Netgear Small Office/Home Office (SOHO) Routers Link
Adobe Arbitrary Code Execution Vulnerability Affecting Its Core Products
CVE-2021-39863
Unknown 8.8 Sep 14, 2021 Adobe Reader DC | Adobe Acrobat Reader DC Link
OMIGOD Microsoft Zero-day RCE Vulnerability in the Azure Cloud Platform
CVE-2021-38647
POC exploit code available 9.8 Sep 14, 2021 Microsoft Azure Cloud Link
ForcedEntry Apple Zero-day Bugs Exploited by NSO Group
CVE-2021-30858 | CVE-2021-30860
Zero-click exploit available 8.8 Sep 13, 2021 iPhone | iPad | Mac | Apple Watch Link
Google Chrome Use-After-Free (UAF) Zero-Day Bugs
CVE-2021-30632 | CVE-2021-30633
In-the-wild N/A Sep 13, 2021 Google Chrome Link
Zero-Day RCE Vulnerability in Microsoft MSHTML
CVE-2021-40444
Ongoing exploitation 8.8 Sep 7, 2021 Microsoft Windows Link
An Authentication Bypass Bug in the ManageEngine ADSelfService Plus Platform
CVE-2021-40539
Ongoing exploitation N/A Sep 7, 2021 Zoho ManageEngine ADSelfService Plus Link
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
CVE-2021-34746
POC exploit code available 9.8 Sep 1, 2021 Cisco Enterprise NFVIS Link
Critical Microsoft Azure Cosmos DB Bug
No CVE assigned
Unknown N/A Aug 26, 2021 Microsoft Azure Cosmos DB | Jupyter Notebook Link
Critical Vulnerability in the Atlassian Confluence Server Platform
CVE-2021-26084
Ongoing exploitation 9.8 Aug 25, 2021 Atlassian Confluence Server and Data Center Link
Sudo Bug Privilege Escalation Vulnerability for HPE Aruba
CVE-2021-3156
POC exploit code available 7.8 Aug 25, 2021 HPE Aruba AirWave Management Platform Link
Parallels Desktop Privilege Escalation Bug
CVE-2021-34864
Unknown 8.8 Aug 25, 2021 Parallels Desktop Link
A Consensus Vulnerability in Go-Ethereum (Geth) EVM Causing a Node to Reject the Canonical Chain
CVE-2021-39137
In-the-wild 7.5 Aug 24, 2021 All Geth Versions Supporting the London Hard Fork Link
OpenSSL Bug in the Implementation of the SM2 Decryption Code Leading to a Buffer Overflow when Calling the API Function to Decrypt SM2 Encrypted Data
CVE-2021-3711
Unknown 9.8 Aug 24, 2021 OpenSSL versions 1.1.1k and earlier 1.1.1x Link
ThroughTek Critical Bug Allowing Remote Compromise, Control of Millions of IoT devices
CVE-2021-28372
Unknown 8.3 Aug 17, 2021 ThroughTek’s Kalay Platform 2.0 Link
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958
Unknown 7.8 Aug 11, 2021 Windows Server Link
Realtek Jungle SDK Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-35395
Ongoing exploitation 9.8 Aug 11, 2021 Realtek SDK | Realtek “Jungle” SDK | Realtek “Luna” SDK Link
Pulse Connect Secure Vulnerability Allowing an Authenticated Administrator to Perform a File Write via a Maliciously Crafted Archive Uploaded in the Administrator Web Interface
CVE-2021-22937
Unknown 9.1 Aug 5, 2021 Pulse Connect Secure before 9.1R12 Link
Apple Zero-Day Local Privilege Escalation Vulnerability in the IOMobileFrameBuffer
CVE-2021-30807
In-the-wild 7.8 Jul 26, 2021 iOS 14.7.1 | iPadOS 14.7.1 | macOS Big Sur 11.5.1 | watchOS 7.6.1 Link Link Link
Jira Remote Code Execution (RCE) Missing Authentication Bug in Atlassian
CVE-2020-36239
Unknown 9.8 Jul 21, 2021 Jira Data Center | Jira Service Management Data Center Link
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-34481
Unknown 8.8 Jul 15, 2021 Windows Server Link
Type Confusion Bug in V8 in Google Chrome
CVE-2021-30563
In-the-wild 8.8 Jul 15, 2021 Google Chrome prior to 91.0.4472.164 Link
Remote Code Execution (RCE) Vulnerability in the SolarWinds Serv-U Product
CVE-2021-35211
Zero-Day Exploit 10.0 Jul 13, 2021 SolarWinds Serv-U Managed File Transfer | Serv-U Secure FTP for Windows before 15.2.3 HF2 Link
Microsoft Exchange Information Disclosure Vulnerability
CVE-2021-33766
Unknown 7.5 Jul 13, 2021 Microsoft Exchange Server Link
Linux Kernel Netfilter Heap Out-Of-Bounds Write Denial-of-Service (DoS) Bug
CVE-2021-22555
POC Exploit Code Available 8.3 Jul 7, 2021 Linux since v2.6.19-rc1 Link
Microsoft Exchange Server Remote Code Execution ProxyShell Vulnerability
CVE-2021-34473
Unknown 9.1 Jul 2, 2021 Microsoft Exchange Server Link
Windows Print Spooler Remote Code Execution PrintNightmare Vulnerability Leading to System Privileges and Running Commands on PCs
CVE-2021-34527
POC Exploit Code Available 8.8 Jul 1, 2021 Windows Server Link
ForgeRock AM Pre-Auth Remote Code Execution (RCE) Vulnerability via the Java Deserialization in the Jato Framework
CVE-2021-35464
POC Exploit Code Available 9.8 Jun 29, 2021 ForgeRock AM server before 7.0 Link
NVIDIA Trusty Driver Buffer Overflow Vulnerability
CVE-2021-34372
Unknown 8.2 Jun 22, 2021 NVIDIA Jetson Link
Google Chrome Use After Free Bug in BFCache
CVE-2021-30544
Unknown 9.8 Jun 9, 2021 Google Chrome prior to 91.0.4472.101 Link
Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31956
In-the-wild 7.8 Jun 8, 2021 Windows Server Link
Windows MSHTML Platform Remote Code Execution (RCE) Vulnerability
CVE-2021-33742
In-the-wild 8.8 Jun 8, 2021 Windows Server Link
Local Privilege Escalation Vulnerability in Intel Virtualization Technology for Directed I/O (VT-d)
CVE-2021-24489
Unknown 8.8 Jun 8, 2021 Intel Core Processors | Intel Pentium Processors | Intel Celeron Processors | Intel Atom Processors Link
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-33739
In-the-wild 8.4 Jun 8, 2021 Windows 10 Link
Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-31958
Unknown 8.8 Jun 8, 2021 Windows Server Link
Android System Out of Bounds Read and Write due to a Use After Free Elevation-of-Privilege (EoP) Bug
CVE-2021-0516
Unknown 9.8 Jun 2, 2021 AOSP versions 8.1, 9, 10, 11 Link
Windows Print Spooler Remote Code Execution (RCE) Vulnerability
CVE-2021-1675
Unknown 8.8 Jun 1, 2021 Windows Server Link
Apache Dubbo Pre-Auth Remote Code Execution (RCE) Bug via Java Deserialization in the Generic filter
CVE-2021-30179
POC Exploit Code Available 9.8 May 31, 2021 Dubbo all 2.5.x, 2.6.x and 2.7.x versions Link
Privilege Escalation Vulnerability in Dell DBUtil Driver
CVE-2021-21551
In-the-wild 7.8 May 31, 2021 DBUtil: 2.3 Link
VMware vCenter Server Remote Code Execution and Authentication Vulnerabilities in vSphere Client (HTML5)
CVE-2021-21985 | CVE-2021-21986
POC Exploit Code Available 9.8 May 26, 2021 VMware vCenter Server | VMware Cloud Foundation Link
Apple Multiple Memory Corruption Vulnerability
CVE-2021-30734
POC Exploit Code Available 8.8 May 24, 2021 iOS 14.6 | iPadOS 14.6 | macOS Big Sur 11.5.1 | Safari 14.1.1 Link Link Link
Pulse Connect Secure Buffer Overflow Arbitrary Code Execution (ACE) Bug in Windows File Resource Profiles in 9.X
CVE-2021-22908
Unknown 8.8 May 24, 2021 Pulse Connect Secure versions 9.0Rx and 9.1Rx Link
McAfee Arbitrary Process Execution Privilege Escalation Bugs
CVE-2021-23873 | CVE-2021-23874 | CVE-2021-23875 | CVE-2021-23876
POC Exploit Code Available 7.8 May 24, 2021 McAfee Total Protection Prior to 16.0.30 Link
Microsoft Critical Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476
Unknown 9.9 May 11, 2021 Windows Server Link
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166
Unknown 9.8 May 11, 2021 Windows 10 Link
Adobe Critical Use After Free Arbitrary Code Execution Vulnerabilities
CVE-2021-28562 | CVE-2021-28550 | CVE-2021-28553
In-the-wild 8.8 May 11, 2021 Acrobat Reader DC Link
Privilege Escalation Vulnerability in Linux kernel
CVE-2021-3490
POC Exploit Code Available 7.8 May 10, 2021 Linux kernel Operating System Link
Critical Authentication Bypass Vulnerability on Python
CVE-2021-29921
Unknown 9.8 May 6, 2021 Python 3.10 | Python 3.9 | Python 3.8 Link
Buffalo Path Traversal Vulnerability in the Web Interfaces Leading to Bypass Authentication
CVE-2021-20090
In-the-wild 9.8 Apr 29, 2021 Buffalo WSR-2533DHPL2 firmware version <= 1.02 | WSR-2533DHP3 firmware version <= 1.24 Link
Unauthenticated Arbitrary Remote Code Execution Use After Free Bug via License Services in Pulse Connect Secure
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900
In-the-wild 10.0 Apr 23, 2021 Pulse Connect Secure before 9.1R11.4 Link
Google Out of Bounds Memory Access Vulnerability Allowing a Remote Attacker to Exploit Heap Corruption via a Crafted HTML Page
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900
Unknown 8.8 Apr 22, 2021 V8 in Google Chrome prior to 90.0.4430.85 Link
Critical Unauthenticated Remote Code Execution (RCE) Bug in Apache Tapestry Bypass of the Fix for CVE-2019-0195
CVE-2021-27850
POC Exploit Code Available 9.8 Apr 15, 2021 Apache Tapestry versions 5.4.5, 5.5.0, 5.6.2 and 5.7.0 Link
Denial of Service (DoS) Arbitrary Code Execution (ACE) Bugs in Ubuntu Linux Kernels
CVE-2021-3492 | CVE-2021-3493
Unknown 7.8 Apr 15, 2021 Linux Link
Multiple Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480 | CVE-2021-28481 | CVE-2021-28482 | CVE-2021-28483
POC Exploit Code Available 9.8 Apr 13, 2021 Microsoft Exchange Server Link
Windows Zero-Day Win32k Elevation of Privilege Vulnerability in Desktop Window Manager
CVE-2021-28310
In-the-wild 7.8 Apr 13, 2021 Windows 10 Link
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415
POC Exploit Code Available 7.8 Apr 13, 2021 Windows Server Link
Arbitrary File Write Vulnerability in vRealize Operations Manager API
CVE-2021-21975
POC Exploit Code Available 7.5 Apr 13, 2021 VMware vRealize Operations Link
WhatsApp Cache Configuration Vulnerability
CVE-2021-24027
POC Exploit Code Available 7.5 Apr 6, 2021 WhatsApp for Android v2.21.4.18 | WhatsApp Business for Android v2.21.4.18 Link
Remote Code Execution Vulnerability in Apache OFBiz via Java Deserialization
CVE-2021-26295
POC Exploit Code Available 9.8 Mar 22, 2021 Apache OFBiz Link
Google Chrome Use After Free and Heap Buffer Overflow Bugs in WebRTC and in Blink
CVE-2021-21191 | CVE-2021-21192 | CVE-2021-21193
In-the-wild 8.8 Mar 12, 2021 Google Chrome prior to 89.0.4389.90 Link
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868
Unknown 7.8 Mar 9, 2021 Windows 10 Link
Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411
In-the-wild 8.8 Mar 9, 2021 Internet Explorer | Microsoft Edge Link
Microsoft ProxyLogon Exchange Server Remote Code Execution Vulnerabilities
CVE-2021-26855 | CVE-2021-26857 | CVE-2021-26858 | CVE-2021-27065
In-the-wild 9.8 Mar 2, 2021 Microsoft Exchange Server Link Link Link Link
VMware Remote Code Execution (RCE) Vulnerability Leading to Arbitrary File Upload in Logupload Web Application
CVE-2021-22987
Unknown 9.9 Mar 2, 2021 BIG-IP Link
BIG-IP Appliance Mode TMUI Authenticated Remote Command Execution Bug
CVE-2021-22987
Unknown 9.9 Mar 2, 2021 BIG-IP Link
Windows TCP/IP Denial of Service (DoS) Vulnerability
CVE-2021-24086
POC Exploit Code Available 7.5 Feb 29, 2021 Windows 10 Link
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
CVE-2021-1361
Unknown 9.1 Feb 24, 2021 Cisco NX-OS Software 9.3(5) and 9.3(6) Link
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-21972 | CVE-2021-21973 | CVE-2021-21974
POC Exploit Code Available 9.8 Feb 23, 2021 VMware ESXi | VMware vCenter Server | VMware Cloud Foundation Link
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-27101 | CVE-2021-27102 | CVE-2021-27103 | CVE-2021-27104
Unknown 9.8 Feb 16, 2021 Accellion FTA 9_12_370 and earlier Link
Adobe Heap-Based Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-21017
In-the-wild 8.8 Feb 11, 2021 Acrobat Reader DC Link
VMware Post-Authentication OS Command Injection Remote Code Execution (RCE) Bug
CVE-2021-21976
Unknown 7.2 Feb 11, 2021 vSphere Replication Link
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074 | CVE-2021-24094
POC Exploit Code Available 9.8 Feb 9, 2021 Windows 10 Link Link
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732
In-the-wild 7.8 Feb 9, 2021 Windows 10 Link
Google Chrome Heap Buffer Overflow Remote Code Execution (RCE) Vulnerability
CVE-2021-21148
In-the-wild 8.8 Feb 9, 2021 Google Chrome prior to 88.0.4324.150 Link
Remote Code Execution (RCE) Bug in SAP Commerce
CVE-2021-21477
Unknown 9.9 Feb 9, 2021 SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 Link
Sudo Off-by-One Heap-Based Buffer Overflow Privilege Escalation Bug
CVE-2021-3156
In-the-wild 7.8 Jan 29, 2021 Sudo before 1.9.5p2 Link
Apache Druid Arbitrary User-Provided JavaScript Code Execution Bug
CVE-2021-25646
POC Exploit Code Available 8.8 Jan 29, 2021 Apache Druid Link
Oracle Fusion Middleware Easily Exploitable Bug Leading Network Access via HTTP to Compromise Oracle WebLogic Server
CVE-2021-2109
POC Exploit Code Available 7.2 Jan 20, 2021 Oracle WebLogic Server Link
Python 3 Heap Buffer Overflow Remote Code Execution (RCE) Bug
CVE-2021-3177
Unknown 8.8 Jan 19, 2021 Python 3.10, 3.9, 3.8, 3.7, 3.6 Link
Cisco Connected Mobile Experiences (CMX) Privilege Escalation Vulnerability
CVE-2021-1144
Unknown 8.8 Jan 13, 2021 Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2 Link
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647
In-the-wild 7.8 Jan 12, 2021 Windows Defender Link
Laravel Ignition Unauthenticated Arbitrary Remote Code Execution Vulnerability
CVE-2021-3129
POC Exploit Code Available 9.8 Jan 12, 2021 Laravel before 8.4.2 Link
Android Out of Bounds Write Remote Code Execution Vulnerability
CVE-2021-3007
Unknown 9.8 Jan 4, 2021 AOSP 8.0, 8.1, 9, 10, 11 Link