CVE in 2021

1,959 vulnerabilities published -65.4% vs 2020

2018 2019 2020 2021 2022 2023 2024

1,959

Total CVEs

Critical

High

7.3

CVSS Average

Monthly Distribution

433 CVEs

2 critical

Jan

433

48 CVEs

1 critical

Feb

158 CVEs

3 critical

Mar

158

124 CVEs

2 critical

Apr

124

52 CVEs

0 critical

May

237 CVEs

2 critical

Jun

237

38 CVEs

1 critical

Jul

179 CVEs

1 critical

Aug

179

51 CVEs

3 critical

Sep

21 CVEs

5 critical

Oct

148 CVEs

0 critical

Nov

148

470 CVEs

3 critical

Dec

470

Top 20 Most Critical CVEs of 2021

View all

CVE-2021-44228 KEV

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and…

Dec 10 10.0

CVE-2021-22893 KEV

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser…

Apr 23 10.0

CVE-2020-35945

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated…

Jan 1 9.9

CVE-2021-38163 KEV

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative…

Sep 14 9.9

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled…

Dec 15 9.8

CVE-2021-38383

OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.

Aug 10 9.8

CVE-2017-20005

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a…

Jun 6 9.8

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.

Apr 14 9.8

CVE-2021-33045 KEV

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication…

Sep 15 9.8

CVE-2021-33044 KEV

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication…

Sep 15 9.8

CVE-2021-22681 KEV

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key…

Mar 3 9.8

CVE-2021-24863

The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67…

Dec 13 9.8

CVE-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in…

Jan 19 9.8

CVE-2021-38180

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due…

Oct 12 9.8

CVE-2021-41644

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that…

Oct 29 9.8

CVE-2021-41773 KEV

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use…

Oct 5 9.8

CVE-2021-20232

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption…

Mar 12 9.8

CVE-2021-20699

Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to…

Jun 7 9.8

CVE-2021-41646

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that…

Oct 29 9.8

CVE-2021-25779

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.

Feb 17 9.8

Explore Other Years

2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012

CVE Vulnerabilities

Posts & Pages

CVE in 2021

Monthly Distribution

Top 20 Most Critical CVEs of 2021

Explore Other Years