The number of vulnerabilities in 2021 have dramatically increased so that the technical teams in charge of the patch management find themselves drowning in a myriad of critical and urgent tasks.

Compared to 2020, which was dominated by a high prevalence of Microsoft Windows, this year, it is the Apache Server who is leading the pack with 3 critical vulnerabilities including the infamous Log4Shell which exceeded all the vulnerabilities since 1999 in the term of number of exploits.

Here is the list of Top Twenty Severe Security Vulnerabilities for year 2021. We have relied on our vFeed Indicators Of Vulnerability (IoVs) to create the list based on the following criteria:

  • Number proof-of-concepts per vulnerability
  • Ease of exploitability
  • High popularity ratio
  • Weaponization of the exploit
  • Malware based campaigns

1 – CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
(codename: Log4Shell)

2 – CVE-2021-4034: Linux Polkit’s “pkexec” utility Local Privilege Escalation Vulnerability
(codename: PwnKit)

3 – CVE-2021-41773: Apache HTTP Server Path Traversal & Remote Code Execution

4 – CVE-2021-3156: Sudo Heap-Based Buffer Overflow Vulnerability
(codename: Baron Samedit)

5 -CVE-2021-26855: Microsoft Exchange Server Remote Code Execution Vulnerability
(codename: ProxyLogon)

6 – CVE-2021-26084: Confluence Server OGNL Injection Vulnerability

7 – CVE-2021-1675: Windows Print Spooler Remote Code Execution Vulnerability
(codename: PrintNightmare)

8 – CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability.

9 – CVE-2021-21972: VMware vCenter Server Remote Code Execution Vulnerability.

10 – CVE-2021-43798: Grafana Path Traversal Vulnerability

11 – CVE-2021-22205: GitLab Unauthenticated Remote Code Execution Vulnerability

12 – CVE-2021-42013: Apache HTTP Server Insecure Path Normalization Vulnerability

13 – CVE-2021-36934: Windows Elevation of Privilege Vulnerability
(codename: HiveNightmare / SeriousSam)

14- CVE-2021-3560: Linux Polkit Package Privilege Escalation.

15 – CVE-2021-22204: ExifTool Arbitrary Code Execution.

16 – CVE-2021-22986: F5 BIG-IP Remote Code Execution Vulnerability.

17 – CVE-2021-21300: Git for Visual Studio Remote Code Execution Vulnerability.

18 – CVE-2021-38647: Microsoft Azure Open Management Infrastructure Remote Code Execution.
(codename: OmiGod )

19 – CVE-2021-22005: VMware vCenter Analytics Service Arbitrary File Upload Vulnerability.

20 – CVE-2021-21985: VMware vCenter Server Remote Code Execution Vulnerability.

If you are interested by our vFeed Vulnerability Intelligence indicators of the Top 2021 Most Exploited Vulnerabilities in JSON files, please drop us an email (support at ) so we can send you a copy.