Skip to main content
CVE-2021-21362 MEDIUM POC PATCH This Month

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Minio
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21324 MEDIUM POC PATCH This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21337 MEDIUM POC PATCH This Month

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Products Pluggableauthservice
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
8.4%
CVE-2021-21354 MEDIUM POC PATCH This Month

Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Mozilla Open Redirect Pollbot
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-21336 MEDIUM PATCH This Month

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Products Pluggableauthservice Plone
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-21326 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21510 MEDIUM This Month

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Idrac8 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-27576 MEDIUM This Month

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rumpus
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27222 MEDIUM This Month

In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Time In Status
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-23351 MEDIUM PATCH This Month

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Proxyproto Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-21325 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-22134 MEDIUM PATCH This Month

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy