Skip to main content
CVE-2021-3405 MEDIUM POC This Month

A flaw was found in libebml before 1.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libebml Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-27568 MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 Communications Cloud Native Core Policy Oss Support Tools +3
NVD GitHub
CVSS 3.1
5.9
EPSS
2.9%
CVE-2021-26927 MEDIUM POC PATCH This Month

A flaw was found in jasper before 2.0.25. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-27550 MEDIUM POC This Month

Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Polaris Office
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2021-23827 MEDIUM POC This Month

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft Information Disclosure Keybase
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-27583 MEDIUM POC This Month

In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-26595 MEDIUM POC This Month

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-20252 MEDIUM This Month

A flaw was found in Red Hat 3scale API Management Platform 2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 3Scale Api Management
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-26686 MEDIUM This Month

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-26685 MEDIUM This Month

A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-26682 MEDIUM This Month

A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26678 MEDIUM This Month

A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27189 MEDIUM PATCH This Month

The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Canadian Shield
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-3407 MEDIUM This Month

A flaw was found in mupdf 1.18.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mupdf Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
50.2%
CVE-2021-21323 MEDIUM PATCH This Month

Brave is an open source web browser with a focus on privacy and security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Brave
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-20256 MEDIUM This Month

A flaw was found in Red Hat Satellite. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Satellite
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-22113 MEDIUM PATCH This Month

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Netflix Zuul
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20220 MEDIUM PATCH This Month

A flaw was found in Undertow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling XSS Undertow Active Iq Unified Manager Oncommand Workflow Automation
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-20229 MEDIUM This Month

A flaw was found in PostgreSQL in versions before 13.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy