CVEs and Exploits

CVE-2021-41349 Microsoft Exchange Server UnAuth XSS

CVE-2021-23015 Post-Auth RCE on F5 BIG IP iControl REST API

CVE-2021-28966 Path traversal in Ruby's Tempfile class on Windows

Reversed CVE-2021-22986 (F5 iControl REST API Auth Bypass + RCE)

Reversed CVE-2020-15505 (MobileIron Pre-Auth RCE)

Reversed CVE-2020-5284 (Next.js Path Traversal)

CVE-2021-21307 (Lucee CMS Pre-Auth RCE)

An unauthenticated remote code execution (RCE) exploit chain was found in the Lucee Admin code.

CVE-2020-11053 (OAuth-Proxy Open Redirect Bypass)

CVE-2020-7011 (Elastic App Search Stored XSS)

Elastic App Search versions before 7.7.0 contain a cross-site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim's web browser.