Skip to main content
CVE-2021-26303 MEDIUM POC This Month

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Expense Tracker System
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23328 MEDIUM POC This Month

This affects all versions of package iniparserjs. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Iniparserjs
NVD
CVSS 3.1
5.6
EPSS
1.0%
CVE-2021-26307 MEDIUM POC PATCH This Month

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Raw Cpuid
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3298 MEDIUM POC This Month

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Collabtive
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.1%
CVE-2021-26304 MEDIUM POC This Month

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Expense Tracker System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-21254 MEDIUM PATCH This Month

CKEditor 5 is an open source rich text editor framework with a modular architecture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ckeditor5
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-25910 MEDIUM This Month

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 4Cct Ea6 334126Bf Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy