Skip to main content
CVE-2021-20066 MEDIUM POC This Month

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Jsdom
NVD GitHub
CVSS 3.1
5.6
EPSS
1.4%
CVE-2021-27203 MEDIUM POC This Month

In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Private Disk
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-27231 MEDIUM POC This Month

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-27237 MEDIUM POC PATCH This Month

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Blackcat Cms
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-23841 MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2021-20067 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Dge Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-21317 MEDIUM PATCH This Month

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Python Denial Of Service Uap Core
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2021-27235 MEDIUM This Month

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Voice
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-27233 MEDIUM This Month

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Voice
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-20071 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20070 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20069 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20068 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy