Latest zero-days Total: 555, in 2021: Zero-days 82, candidates: 1

Privilege escalation in Microsoft Windows

Not patched

Arbitrary file upload in FatPipe WARP, MPVPN and IPVPN

The vulnerability allows multiple APT actors to gain access to an unrestricted file upload function and execute arbitrary code on the system.

Remote code execution in Microsoft Excel
CVE-2021-42292

Remote code execution in Microsoft Exchange Server
CVE-2021-42321

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.