Skip to main content
CVE-2021-3133 MEDIUM POC PATCH This Month

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Elementor Contact Form Db
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21468 MEDIUM POC This Month

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Business Warehouse
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-1646 MEDIUM This Month

Windows WLAN Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2021-1679 MEDIUM This Month

Windows CryptoAPI Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2021-21471 MEDIUM This Month

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cla Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-21448 MEDIUM This Month

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft SAP Graphical User Interface
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-23927 MEDIUM This Month

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2021-23936 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via the subject of a task. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-23935 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23934 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23933 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23932 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23931 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an inline binary file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23930 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23929 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23928 MEDIUM This Month

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23125 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23124 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
81.2%
CVE-2021-1708 MEDIUM This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.7
EPSS
3.4%
CVE-2021-1725 MEDIUM PATCH This Month

Bot Framework SDK Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Bot Framework Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-1699 MEDIUM This Month

Windows (modem.sys) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2021-1696 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2021-1677 MEDIUM This Month

Azure Active Directory Pod Identity Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Kubernetes Service
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-1676 MEDIUM This Month

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-1672 MEDIUM This Month

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-1670 MEDIUM This Month

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-1663 MEDIUM This Month

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-1656 MEDIUM This Month

TPM Device Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2021-1637 MEDIUM This Month

Windows DNS Query Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-21447 MEDIUM This Month

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-21445 MEDIUM This Month

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling XSS SAP Commerce Cloud
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-23123 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-1684 MEDIUM This Month

Microsoft is aware of the &quot;Impersonation in the Passkey Entry Protocol&quot; vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2021-1683 MEDIUM This Month

Microsoft is aware of the &quot;Impersonation in the Passkey Entry Protocol&quot; vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.0
EPSS
1.7%
CVE-2021-1645 MEDIUM This Month

Windows Docker Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
5.0
EPSS
7.3%
CVE-2021-1717 MEDIUM This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
1.8%
CVE-2021-1641 MEDIUM This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
1.8%
CVE-2021-21470 MEDIUM This Month

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft XXE SAP Enterprise Performance Management
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21467 MEDIUM This Month

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Banking Services
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21464 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-1705 MEDIUM This Month

Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Microsoft Edge
NVD
CVSS 3.1
4.2
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy