How to verify CVE-2021-28480
Confirm whether your systems are actually affected — run the detection command below for a yes/no answer.
How to verify this vulnerability
Scanner data tells you how to confirm whether your systems are actually affected — not just that the CVE exists. Run a Nuclei template against your target for a yes/no answer in seconds.
nuclei -id CVE-2021-28480 -u https://your-target -rl 50 -timeout 10
Runs against your own host.
- critical | Official | http | Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound) | GitHub
- critical | AI-generated | http | Microsoft Exchange Server Remote Code Execution Vulnerability | GitHub
Find every CVE you can verify
Search the whole database by Nuclei coverage — filter by vendor, severity and KEV to build a verification list for your entire stack.
- Filter all CVEs that ship a Nuclei template
- Combine with vendor, severity & KEV
- Build a scan list across your stack
Latest high-severity CVEs you can verify
Newest critical/high vulnerabilities that ship a Nuclei template.
LobeHub: Unauthenticated SSRF in `/webapi/proxy`
WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability
WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability
WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability
WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability
WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability
WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Trending CVEs to verify now
What the security world is discussing right now — and can be checked with Nuclei.
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, rea...
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versi...
Microsoft Exchange Server Remote Code Execution Vulnerability
Openfire administration console authentication bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0...