Skip to main content
CVE-2021-22881 MEDIUM POC PATCH THREAT This Month

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rails Fedora
NVD
CVSS 3.1
6.1
EPSS
87.3%
CVE-2021-21310 MEDIUM POC PATCH This Month

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-21057 MEDIUM This Month

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2021-21042 MEDIUM This Month

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.1
6.5
EPSS
14.7%
CVE-2021-21055 MEDIUM This Month

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Adobe Dreamweaver
NVD
CVSS 3.1
6.2
EPSS
0.8%
CVE-2021-21032 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Adobe Magento
NVD
CVSS 3.0
5.6
EPSS
1.6%
CVE-2021-21031 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Adobe Magento
NVD
CVSS 3.0
5.6
EPSS
1.7%
CVE-2021-25688 MEDIUM This Month

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pcoip Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21026 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2021-21022 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-21020 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2021-20404 MEDIUM This Month

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Information Queue
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-21029 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
4.8
EPSS
84.7%
CVE-2021-21023 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.0
4.8
EPSS
1.6%
CVE-2021-21060 MEDIUM This Month

Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
4.6
EPSS
1.6%
CVE-2021-20335 MEDIUM This Month

For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ops Manager
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2021-21034 MEDIUM This Month

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.1
4.3
EPSS
2.5%
CVE-2021-21027 MEDIUM PATCH This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Adobe Magento
NVD
CVSS 3.0
4.3
EPSS
1.7%
CVE-2021-21301 MEDIUM PATCH This Month

Wire is an open-source collaboration platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Wire
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy