Skip to main content
CVE-2020-24912 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Qcubed
NVD VulDB
CVSS 3.1
6.1
EPSS
6.3%
CVE-2021-24031 MEDIUM POC This Month

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zstandard
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-23346 MEDIUM POC PATCH This Month

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Html Parse Stringify
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-27217 MEDIUM POC This Month

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Yubihsm Shell
NVD GitHub
CVSS 3.1
4.4
EPSS
1.6%
CVE-2021-26989 MEDIUM PATCH This Month

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Data Ontap
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-23130 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-23129 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-25345 MEDIUM This Month

Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25344 MEDIUM This Month

Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25334 MEDIUM This Month

Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-26028 MEDIUM PATCH This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Joomla
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20351 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20350 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20340 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22183 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting with 11.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-25347 MEDIUM This Month

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-26029 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-26027 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-23126 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-25339 MEDIUM This Month

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2021-25338 MEDIUM This Month

Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2021-24032 MEDIUM PATCH This Month

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions. Rated medium severity (CVSS 4.7).

Information Disclosure Zstandard
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-22128 MEDIUM This Month

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy