Skip to main content
CVE-2021-27328 MEDIUM POC This Month

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Neogate Tg400 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
9.0%
CVE-2021-3204 MEDIUM POC This Month

SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Webdesktop
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3189 MEDIUM POC This Month

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Node.js Slashify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-27214 MEDIUM POC This Month

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-23342 MEDIUM POC PATCH This Month

This affects the package docsify before 4.12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Docsify
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-27404 MEDIUM POC This Month

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Askey Rtf8115Vw Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27403 MEDIUM POC This Month

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Askey Rtf8115Vw Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-26713 MEDIUM This Month

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Asterisk Certified Asterisk
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-26746 MEDIUM PATCH This Month

Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Chamilo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-21512 MEDIUM This Month

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerprotect Cyber Recovery
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-27351 MEDIUM This Month

The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Telegram
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-22701 MEDIUM This Month

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Powerlogic Ion7400 Firmware Powerlogic Ion7650 Firmware Powerlogic Ion8600 Firmware Powerlogic Ion8650 Firmware +6
NVD VulDB
CVSS 3.1
4.5
EPSS
0.2%
CVE-2021-3339 MEDIUM This Month

ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Modernflow
NVD
CVSS 3.1
4.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy