SOCRadar, the extended cyber threat intelligence (XTI) platform, provides vulnerability intelligence for the security operations team who can search for recent critical vulnerabilities exploited in the wild by the threat actors. SOCRadar also provides an External Attack Surface Management suite that helps cybersecurity teams to identify vulnerable assets in their internet-facing network. We select and display critical vulnerabilities below that are popular in the hacker community.
Get free access to SOCRadar XTI to start using vulnerability intelligence now.
Get Free Access| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Zero-Day Remote code Execution Vulnerability in Palo Alto Firewalls Utilising the GlobalProtect VPN Component
CVE-2021-3064 |
Unknown | 9.8 | Nov 10, 2021 | Palo Alto Firewall Operating System PAN-OS 8.1 prior to 8.1.17 | Link |
| Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability discovered by MSTIC
CVE-2021-42321 |
Exploited in the Tianfu Cup | 8.8 | Nov 9, 2021 | Microsoft Exchange Server | Link |
| Microsoft Excel Security Feature Bypass Vulnerability discovered by MSTIC
CVE-2021-42292 |
In-the-wild | 7.8 | Nov 9, 2021 | Microsoft Office | Link |
| Critical Citrix Unauthenticated Denial of Service (DDoS) Bug Shuting Down Network, Cloud App Access
CVE-2021-22955 |
Ongoing exploitation | N/A | Nov 9, 2021 | Citrix ADC | Citrix Gateway | Link |
| Critical Remote Code Execution (RCE) in the Transparent Inter Process Communication (TIPC) Module of the Linux Kernel
CVE-2021-43267 |
Unknown | 9.8 | Nov 2, 2021 | Linux Kernel Versions between 5.10 and 5.15 | Link |
| Google Android Zero-Day Use-After-Free (UAF) Bug Leading to a Local Escalation of Privilege in the Kernel
CVE-2021-1048 |
In-the-wild | 7.8 | Nov 1, 2021 | Android Kernel | Link |
| ‘Trojan Source’ Bugs of Unicode Bidirectional Algorithm (BiDi)
CVE-2021-42574 | CVE-2021-42694 |
POC Exploit Code Available | 9.8 | Nov 1, 2021 | Unicode Bidirectional Algorithm (BiDi) through Version 14.0 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Cisco SD-WAN High-Severity Privilege Escalation Vulnerability Leading to Arbitrary Code Execution in the IOS IE Operating System
CVE-2021-1529 |
Unknown | 7.8 | Oct 20, 2021 | Cisco IOS XE Software | Cisco IOS XE SD-WAN Software | Link |
| RCE Vulnerability in The Trial Version of WinRAR
CVE-2021-35052 |
Unknown | N/A | Oct 20, 2021 | WinRAR Version 5.70 | Link |
| Google Chrome Critical Heap-Buffer-Overflow and Use-After-Free (UAF) Vulnerabilities
CVE-2021-37981 | CVE-2021-37984 | CVE-2021-37982 | CVE-2021-37983 | CVE-2021-37985 |
Unknown | N/A | Oct 19, 2021 | Google Chrome | Link |
| Microsoft Exchange Server Remote Code (RCE) Vulnerability found by NSA
CVE-2021-26427 |
Unknown | 9.0 | Oct 12, 2021 | Microsoft Exchange Server | Link |
| Windows Win32k Elevation of Privilege Zero-Day Vulnerability Used By MysterySnail RAT
CVE-2021-40449 |
In-the-wild | 7.8 | Oct 12, 2021 | All Supported Versions of Windows | Link |
| RCE Vulnerabilities on Microsoft SharePoint and Windows DNS Servers
CVE-2021-40487 | CVE-2021-40469 |
Unknown | 8.1 | Oct 12, 2021 | Microsoft SharePoint Versions | Windows DNS Server Versions | Link
Link |
| Apple iOS Remote Code Execution (RCE) Zero-Day Bug
CVE-2021-30883 |
In-the-wild | N/A | Oct 11, 2021 | iOS 15.0.2 and iPadOS 15.0.2 | Link |
| Path Traversal Zero Day and File Disclosure Vulnerability in Apache HTTP Server
CVE-2021-41773 | CVE-2021-42013 |
In-the-wild | 7.5 | Oct 4, 2021 | Apache HTTP Server 2.4.49 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Second Pair of Google Chrome Use-after-free Zero Day Bugs in September
CVE-2021-37975 | CVE-2021-37976 |
In-the-wild | N/A | Sep 30, 2021 | Google Chrome | Link |
| Unpatched Stored XSS Zero-Day Vulnerability in Apple AirTag
N/A |
Unknown | N/A | Sep 29, 2021 | Apple AirTag | Link |
| Cisco Unauthenticated Remote-code-execution (RCE) and Denial-of-service (DoS) Vulnerability
CVE-2021-34770 |
Unknown | 10 | Sep 22, 2021 | Cisco Catalyst 9000 Family of Wireless Controllers | Link |
| Critical Software-buffer-overflow and Authentication-bypass Bugs in Cisco
CVE-2021-34727 | CVE-2021-1619 |
Unknown | 9.8 | Sep 22, 2021 | Cisco SD-WAN Software | Cisco IOS XE Software | Link
Link |
| VMware Ransomware-Friendly Arbitrary File Upload Bug in vCenter Server
CVE-2021-22005 |
POC exploit code available | 9.8 | Sep 21, 2021 | VMware vCenter Server | Link |
| Zero-day Security Vulnerability in Apple’s macOS Finder System
No CVE assigned |
Unknown | N/A | Sep 21, 2021 | macOS Big Sur and Prior | Link |
| Netgear SOHO Security Bug allowing RCE via A Man-in-the-middle (MiTM) Attack
CVE-2021-40847 |
POC exploit code available | 8.1 | Sep 20, 2021 | Netgear Small Office/Home Office (SOHO) Routers | Link |
| Adobe Arbitrary Code Execution Vulnerability Affecting Its Core Products
CVE-2021-39863 |
Unknown | 8.8 | Sep 14, 2021 | Adobe Reader DC | Adobe Acrobat Reader DC | Link |
| OMIGOD Microsoft Zero-day RCE Vulnerability in the Azure Cloud Platform
CVE-2021-38647 |
POC exploit code available | 9.8 | Sep 14, 2021 | Microsoft Azure Cloud | Link |
| ForcedEntry Apple Zero-day Bugs Exploited by NSO Group
CVE-2021-30858 | CVE-2021-30860 |
Zero-click exploit available | 8.8 | Sep 13, 2021 | iPhone | iPad | Mac | Apple Watch | Link |
| Google Chrome Use-After-Free (UAF) Zero-Day Bugs
CVE-2021-30632 | CVE-2021-30633 |
In-the-wild | N/A | Sep 13, 2021 | Google Chrome | Link |
| Zero-Day RCE Vulnerability in Microsoft MSHTML
CVE-2021-40444 |
Ongoing exploitation | 8.8 | Sep 7, 2021 | Microsoft Windows | Link |
| An Authentication Bypass Bug in the ManageEngine ADSelfService Plus Platform
CVE-2021-40539 |
Ongoing exploitation | N/A | Sep 7, 2021 | Zoho ManageEngine ADSelfService Plus | Link |
| Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
CVE-2021-34746 |
POC exploit code available | 9.8 | Sep 1, 2021 | Cisco Enterprise NFVIS | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Critical Microsoft Azure Cosmos DB Bug
No CVE assigned |
Unknown | N/A | Aug 26, 2021 | Microsoft Azure Cosmos DB | Jupyter Notebook | Link |
| Critical Vulnerability in the Atlassian Confluence Server Platform
CVE-2021-26084 |
Ongoing exploitation | 9.8 | Aug 25, 2021 | Atlassian Confluence Server and Data Center | Link |
| Sudo Bug Privilege Escalation Vulnerability for HPE Aruba
CVE-2021-3156 |
POC exploit code available | 7.8 | Aug 25, 2021 | HPE Aruba AirWave Management Platform | Link |
| Parallels Desktop Privilege Escalation Bug
CVE-2021-34864 |
Unknown | 8.8 | Aug 25, 2021 | Parallels Desktop | Link |
| A Consensus Vulnerability in Go-Ethereum (Geth) EVM Causing a Node to Reject the Canonical Chain
CVE-2021-39137 |
In-the-wild | 7.5 | Aug 24, 2021 | All Geth Versions Supporting the London Hard Fork | Link |
| OpenSSL Bug in the Implementation of the SM2 Decryption Code Leading to a Buffer Overflow when Calling the API Function to Decrypt SM2 Encrypted Data
CVE-2021-3711 |
Unknown | 9.8 | Aug 24, 2021 | OpenSSL versions 1.1.1k and earlier 1.1.1x | Link |
| ThroughTek Critical Bug Allowing Remote Compromise, Control of Millions of IoT devices
CVE-2021-28372 |
Unknown | 8.3 | Aug 17, 2021 | ThroughTek’s Kalay Platform 2.0 | Link |
| Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958 |
Unknown | 7.8 | Aug 11, 2021 | Windows Server | Link |
| Realtek Jungle SDK Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-35395 |
Ongoing exploitation | 9.8 | Aug 11, 2021 | Realtek SDK | Realtek “Jungle” SDK | Realtek “Luna” SDK | Link |
| Pulse Connect Secure Vulnerability Allowing an Authenticated Administrator to Perform a File Write via a Maliciously Crafted Archive Uploaded in the Administrator Web Interface
CVE-2021-22937 |
Unknown | 9.1 | Aug 5, 2021 | Pulse Connect Secure before 9.1R12 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Apple Zero-Day Local Privilege Escalation Vulnerability in the IOMobileFrameBuffer
CVE-2021-30807 |
In-the-wild | 7.8 | Jul 26, 2021 | iOS 14.7.1 | iPadOS 14.7.1 | macOS Big Sur 11.5.1 | watchOS 7.6.1 | Link Link Link |
| Jira Remote Code Execution (RCE) Missing Authentication Bug in Atlassian
CVE-2020-36239 |
Unknown | 9.8 | Jul 21, 2021 | Jira Data Center | Jira Service Management Data Center | Link |
| Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-34481 |
Unknown | 8.8 | Jul 15, 2021 | Windows Server | Link |
| Type Confusion Bug in V8 in Google Chrome
CVE-2021-30563 |
In-the-wild | 8.8 | Jul 15, 2021 | Google Chrome prior to 91.0.4472.164 | Link |
| Remote Code Execution (RCE) Vulnerability in the SolarWinds Serv-U Product
CVE-2021-35211 |
Zero-Day Exploit | 10.0 | Jul 13, 2021 | SolarWinds Serv-U Managed File Transfer | Serv-U Secure FTP for Windows before 15.2.3 HF2 | Link |
| Microsoft Exchange Information Disclosure Vulnerability
CVE-2021-33766 |
Unknown | 7.5 | Jul 13, 2021 | Microsoft Exchange Server | Link |
| Linux Kernel Netfilter Heap Out-Of-Bounds Write Denial-of-Service (DoS) Bug
CVE-2021-22555 |
POC Exploit Code Available | 8.3 | Jul 7, 2021 | Linux since v2.6.19-rc1 | Link |
| Microsoft Exchange Server Remote Code Execution ProxyShell Vulnerability
CVE-2021-34473 |
Unknown | 9.1 | Jul 2, 2021 | Microsoft Exchange Server | Link |
| Windows Print Spooler Remote Code Execution PrintNightmare Vulnerability Leading System Privileges and Running Commands on PCs
CVE-2021-34527 |
POC Exploit Code Available | 8.8 | Jul 1, 2021 | Windows Server | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| ForgeRock AM Pre-Auth Remote Code Execution (RCE) Vulnerability via the Java Deserialization in the Jato Framework
CVE-2021-35464 |
POC Exploit Code Available | 9.8 | Jun 29, 2021 | ForgeRock AM server before 7.0 | Link |
| NVIDIA Trusty Driver Buffer Overflow Vulnerability
CVE‑2021‑34372 |
Unknown | 8.2 | Jun 22, 2021 | NVIDIA Jetson | Link |
| Google Chrome Use After Free Bug in BFCache
CVE-2021-30544 |
Unknown | 9.8 | Jun 9, 2021 | Google Chrome prior to 91.0.4472.101 | Link |
| Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31956 |
In-the-wild | 7.8 | Jun 8, 2021 | Windows Server | Link |
| Windows MSHTML Platform Remote Code Execution (RCE) Vulnerability
CVE-2021-33742 |
In-the-wild | 8.8 | Jun 8, 2021 | Windows Server | Link |
| Local Privilege Escalation vulnerability in Intel Virtualization Technology for Directed I/O (VT-d)
CVE-2021-24489 |
Unknown | 8.8 | Jun 8, 2021 | Intel Core Processors | Intel Pentium Processors | Intel Celeron Processors | Intel Atom Processors | Link |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-33739 |
In-the-wild | 8.4 | Jun 8, 2021 | Windows 10 | Link |
| Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-31958 |
Unknown | 8.8 | Jun 8, 2021 | Windows Server | Link |
| Android System Out of Bounds Read and Write due to a Use After Free Elevation-of-Privilege (EoP) Bug
CVE-2021-0516 |
Unknown | 9.8 | Jun 2, 2021 | AOSP versions 8.1, 9, 10, 11 | Link |
| Windows Print Spooler Remote Code Execution (RCE) Vulnerability
CVE-2021-1675 |
Unknown | 8.8 | Jun 1, 2021 | Windows Server | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Apache Dubbo Pre-Auth Remote Code Execution (RCE) Bug via Java Deserialization in the Generic filter
CVE-2021-30179 |
POC Exploit Code Available | 9.8 | May 31, 2021 | Dubbo all 2.5.x, 2.6.x and 2.7.x versions | Link |
| Privilege Escalation Vulnerability in Dell DBUtil Driver
CVE-2021-21551 |
In-the-wild | 7.8 | May 31, 2021 | DBUtil: 2.3 | Link |
| VMware vCenter Server Remote Code Execution and Authentication Vulnerabilities in vSphere Client (HTML5)
CVE-2021-21985 | CVE-2021-21986 |
POC Exploit Code Available | 9.8 | May 26, 2021 | VMware vCenter Server | VMware Cloud Foundation | Link |
| Apple Multiple Memory Corruption Vulnerability
CVE-2021-30734 |
POC Exploit Code Available | 8.8 | May 24, 2021 | iOS 14.6 | iPadOS 14.6 | macOS Big Sur 11.5.1 | Safari 14.1.1 | Link Link Link |
| Pulse Connect Secure Buffer Overflow Arbitrary Code Execution (ACE) Bug in Windows File Resource Profiles in 9.X
CVE-2021-22908 |
Unknown | 8.8 | May 24, 2021 | Pulse Connect Secure versions 9.0Rx and 9.1Rx | Link |
| McAfee Arbitrary Process Execution Privilege Escalation Bugs
CVE-2021-23873 | CVE-2021-23874 | CVE-2021-23875 | CVE-2021-23876 |
POC Exploit Code Available | 7.8 | May 24, 2021 | McAfee Total Protection Prior to 16.0.30 | Link |
| Microsoft Critical Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476 |
Unknown | 9.9 | May 11, 2021 | Windows Server | Link |
| Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166 |
Unknown | 9.8 | May 11, 2021 | Windows 10 | Link |
| Adobe Critical Use After Free Arbitrary code execution Vulnerabilities
CVE-2021-28562 | CVE-2021-28550 | CVE-2021-28553 |
In-the-wild | 8.8 | May 11, 2021 | Acrobat Reader DC | Link |
| Privilege Escalation Vulnerability in Linux kernel
CVE-2021-3490 |
POC Exploit Code Available | 7.8 | May 10, 2021 | Linux kernel Operating System | Link |
| Critical Authentication Bypass Vulnerability on Python
CVE-2021-29921 |
Unknown | 9.8 | May 6, 2021 | Python 3.10 | Python 3.9 | Python 3.8 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Buffalo Path Traversal Vulnerability in the Web Interfaces Leading to Bypass Authentication
CVE-2021-20090 |
In-the-wild | 9.8 | Apr 29, 2021 | Buffalo WSR-2533DHPL2 firmware version <= 1.02 | WSR-2533DHP3 firmware version <= 1.24 | Link |
| Unauthenticated Arbitrary Remote Code Execution Use After Free Bug via License Services in Pulse Connect Secure
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900 |
In-the-wild | 10.0 | Apr 23, 2021 | Pulse Connect Secure before 9.1R11.4 | Link |
| Google Out of Bounds Memory Access Vulnerability Allowing a Remote Attacker to Exploit Heap Corruption via a Crafted HTML Page
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900 |
Unknown | 8.8 | Apr 22, 2021 | V8 in Google Chrome prior to 90.0.4430.85 | Link |
| Critical Unauthenticated Remote Code Execution (RCE) Bug in Apache Tapestry Bypass of the Fix for CVE-2019-0195
CVE-2021-27850 |
POC Exploit Code Available | 9.8 | Apr 15, 2021 | Apache Tapestry versions 5.4.5, 5.5.0, 5.6.2 and 5.7.0 | Link |
| Denial of Service (DoS) Arbitrary Code Execution (ACE) Bugs in Ubuntu Linux Kernels
CVE-2021-3492 | CVE-2021-3493 |
Unknown | 7.8 | Apr 15, 2021 | Linux | Link |
| Multiple Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480 | CVE-2021-28481 | CVE-2021-28482 | CVE-2021-28483 |
POC Exploit Code Available | 9.8 | Apr 13, 2021 | Microsoft Exchange Server | Link |
| Windows Zero-Day Win32k Elevation of Privilege Vulnerability in Desktop Window Manager
CVE-2021-28310 |
In-the-wild | 7.8 | Apr 13, 2021 | Windows 10 | Link |
| Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415 |
POC Exploit Code Available | 7.8 | Apr 13, 2021 | Windows Server | Link |
| Arbitrary File Write Vulnerability in vRealize Operations Manager API
CVE-2021-21975 |
POC Exploit Code Available | 7.5 | Apr 13, 2021 | VMware vRealize Operations | Link |
| WhatsApp Cache Configuration Vulnerability
CVE-2021-24027 |
POC Exploit Code Available | 7.5 | Apr 6, 2021 | WhatsApp for Android v2.21.4.18 | WhatsApp Business for Android v2.21.4.18 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Remote Code Execution Vulnerability in Apache OFBiz via Java Deserialization
CVE-2021-26295 |
POC Exploit Code Available | 9.8 | Mar 22, 2021 | Apache OFBiz | Link |
| Google Chrome Use After Free and Heap Buffer Overflow Bugs in WebRTC and in Blink
CVE-2021-21191 | CVE-2021-21192 | CVE-2021-21193 |
In-the-wild | 8.8 | Mar 12, 2021 | Google Chrome prior to 89.0.4389.90 | Link |
| Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868 |
Unknown | 7.8 | Mar 9, 2021 | Windows 10 | Link |
| Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411 |
In-the-wild | 8.8 | Mar 9, 2021 | Internet Explorer | Microsoft Edge | Link |
| Microsoft ProxyLogon Exchange Server Remote Code Execution Vulnerabilities
CVE-2021-26855 | CVE-2021-26857 | CVE-2021-26858 | CVE-2021-27065 |
In-the-wild | 9.8 | Mar 2, 2021 | Microsoft Exchange Server | Link Link Link Link |
| VMware Remote Code Execution (RCE) Vulnerability Leading to Arbitrary File Upload in Logupload Web Application
CVE-2021-22987 |
Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
| BIG-IP Appliance Mode TMUI Authenticated Remote Command Execution Bug
CVE-2021-22987 |
Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Windows TCP/IP Denial of Service (DoS) Vulnerability
CVE-2021-24086 |
POC Exploit Code Available | 7.5 | Feb 29, 2021 | Windows 10 | Link |
| Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
CVE-2021- 1361 |
Unknown | 9.1 | Feb 24, 2021 | Cisco NX-OS Software 9.3(5) and 9.3(6) | Link |
| Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-21972 | CVE-2021-21973 | CVE-2021-21974 |
POC Exploit Code Available | 9.8 | Feb 23, 2021 | VMware ESXi | VMware vCenter Server | VMware Cloud Foundation | Link |
| Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-27101 | CVE-2021-27102 | CVE-2021-27103 | CVE-2021-27104 |
Unknown | 9.8 | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier | Link |
| Adobe Heap-Based Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-21017 |
In-the-wild | 8.8 | Feb 11, 2021 | Acrobat Reader DC | Link |
| VMware Post-Authentication OS Command Injection Remote Code execution (RCE) Bug
CVE-2021-21976 |
Unknown | 7.2 | Feb 11, 2021 | vSphere Replication | Link |
| Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074 | CVE-2021-24094 |
POC Exploit Code Available | 9.8 | Feb 9, 2021 | Windows 10 | Link Link |
| Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732 |
In-the-wild | 7.8 | Feb 9, 2021 | Windows 10 | Link |
| Google Chrome Heap Buffer Overflow Remote Code execution (RCE) Vulnerability
CVE-2021-21148 |
In-the-wild | 8.8 | Feb 9, 2021 | Google Chrome prior to 88.0.4324.150 | Link |
| Remote Code Execution (RCE) Bug in SAP Commerce
CVE-2021-21477 |
Unknown | 9.9 | Feb 9, 2021 | SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Sudo Off-by-One Heap-Based Buffer Overflow Privilege Escalation Bug
CVE-2021-3156 |
In-the-wild | 7.8 | Jan 29, 2021 | Sudo before 1.9.5p2 | Link |
| Apache Druid Arbitrary User-Provided JavaScript Code Execution Bug
CVE-2021-25646 |
POC Exploit Code Available | 8.8 | Jan 29, 2021 | Apache Druid | Link |
| Oracle Fusion Middleware Easily Exploitable Bug Leading Network Access via HTTP to Compromise Oracle WebLogic Server
CVE-2021-2109 |
POC Exploit Code Available | 7.2 | Jan 20, 2021 | Oracle WebLogic Server | Link |
| Python 3 Heap Buffer Overflow Remote Code execution (RCE) Bug
CVE-2021-3177 |
Unknown | 8.8 | Jan 19, 2021 | Python 3.10, 3.9, 3.8, 3.7, 3.6 | Link |
| Cisco Connected Mobile Experiences (CMX) Privilege Escalation Vulnerability
CVE-2021-1144 |
Unknown | 8.8 | Jan 13, 2021 | Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2 | Link |
| Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647 |
In-the-wild | 7.8 | Jan 12, 2021 | Windows Defender | Link |
| Lavarel Ignition Unauthenticated Arbitrary Remote Code Execution Vulnerability
CVE-2021-3129 |
POC Exploit Code Available | 9.8 | Jan 12, 2021 | Laravel before 8.4.2 | Link |
| Android Out of Bounds Write Remote Code Execution Vulnerability
CVE-2021-3007 |
Unknown | 9.8 | Jan 4, 2021 | AOSP 8.0, 8.1, 9, 10, 11 | Link |
