Skip to main content
CVE-2021-22873 MEDIUM POC THREAT This Month

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect PHP Revive Adserver
NVD GitHub
CVSS 3.1
6.1
EPSS
66.1%
CVE-2021-22872 MEDIUM POC PATCH This Month

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-3186 MEDIUM POC This Month

A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda XSS Ac5 Firmware
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2021-3152 MEDIUM POC This Month

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Home Assistant
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2020-35854 MEDIUM POC This Month

Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Textpattern
NVD VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-36011 MEDIUM POC This Month

A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Smart Hospital
NVD Exploit-DB VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-22871 MEDIUM POC PATCH This Month

Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD GitHub
CVSS 3.1
4.8
EPSS
2.1%
CVE-2021-26272 MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm Application Express Banking Party Management +6
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-26271 MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm Application Express Financial Services Analytical Applications Infrastructure +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-21271 MEDIUM PATCH This Month

Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Tendermint
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-3114 MEDIUM PATCH This Month

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Fedora Debian Linux Cloud Insights Telegraf Agent +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-24085 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1071 MEDIUM This Month

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Linux For Tegra
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3308 MEDIUM PATCH This Month

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-21283 MEDIUM PATCH This Month

Flarum is an open source discussion platform for websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sticky
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-23272 MEDIUM This Month

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bpm Enterprise Bpm Enterprise Distribution For Silver Fabric
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3285 MEDIUM This Month

jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Code Composer Studio Intgrated Development Environment
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-25901 MEDIUM PATCH This Month

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Lazy Init
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-21615 MEDIUM PATCH This Month

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy