Skip to main content
CVE-2021-27520 MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.4%
CVE-2021-27519 MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
7.6%
CVE-2021-25277 MEDIUM POC This Month

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ftapi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21390 MEDIUM POC PATCH This Month

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Minio
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-3327 MEDIUM POC This Month

Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynamic Content
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20077 MEDIUM PATCH This Month

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-25292 MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-28653 MEDIUM This Month

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Armorlock
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-28126 MEDIUM This Month

index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tranzware E Commerce Payment Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-28109 MEDIUM This Month

TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Tranzware Fimi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27906 MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox Fedora Banking Corporate Lending Process Management +16
NVD
CVSS 3.1
5.5
EPSS
3.3%
CVE-2021-27807 MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Pdfbox Fedora Banking Trade Finance Process Management +12
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2021-27506 MEDIUM This Month

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netasq Stormshield Network Security Clamav
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-28090 MEDIUM This Month

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25278 MEDIUM This Month

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ftapi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy