Skip to main content
CVE-2021-3318 MEDIUM POC This Month

attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dzzoffice
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2021-3272 MEDIUM POC This Month

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jasper Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-26276 MEDIUM POC PATCH This Month

scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Node Config Shield
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-36012 MEDIUM POC This Month

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Multi Store
NVD VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-25226 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25225 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25224 MEDIUM PATCH This Month

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Serverprotect
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20357 MEDIUM PATCH This Month

IBM Jazz Foundation products is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Insights Engineering Lifecycle Management +8
NVD
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy