Skip to main content
CVE-2021-22877 MEDIUM POC PATCH This Month

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-27940 MEDIUM POC PATCH This Month

resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Orchestrator
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-22182 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting with 13.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-22878 MEDIUM POC PATCH This Month

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-20225 MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2021-26854 MEDIUM PATCH This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
6.6
EPSS
19.6%
CVE-2021-22862 MEDIUM This Month

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Github
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22861 MEDIUM This Month

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Github
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21313 MEDIUM This Month

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20441 MEDIUM PATCH This Month

IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-22188 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting with 13.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-21314 MEDIUM This Month

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-21312 MEDIUM This Month

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-23347 MEDIUM PATCH This Month

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Argo Cd
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-2138 MEDIUM This Month

Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Cloud Infrastructure Data Science
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-27839 MEDIUM This Month

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Online Invoicing System
NVD GitHub
CVSS 3.1
4.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy