Skip to main content
CVE-2021-27124 MEDIUM POC This Month

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doctor Appointment System
NVD
CVSS 3.1
6.5
EPSS
5.7%
CVE-2021-3271 MEDIUM POC PATCH This Month

PressBooks 5.17.3 contains a cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pressbooks
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-20445 MEDIUM PATCH This Month

IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Maximo For Civil Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20444 MEDIUM PATCH This Month

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo For Civil Infrastructure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-26906 MEDIUM PATCH This Month

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.1
5.9
EPSS
2.5%
CVE-2021-21318 MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20446 MEDIUM PATCH This Month

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo For Civil Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27375 MEDIUM PATCH This Month

Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Traefik
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy