Skip to main content
CVE-2021-27308 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4images
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.2%
CVE-2021-28972 MEDIUM PATCH This Month

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Fedora Cloud Backup +2
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-25920 MEDIUM PATCH This Month

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-28147 MEDIUM This Month

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-28146 MEDIUM This Month

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-25922 MEDIUM PATCH This Month

In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28971 MEDIUM PATCH This Month

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Intel Denial Of Service Linux Kernel Fedora +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25921 MEDIUM PATCH This Month

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
91.1%
CVE-2021-28968 MEDIUM This Month

An issue was discovered in PunBB before 1.4.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Punbb
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22321 MEDIUM This Month

There is a use-after-free vulnerability in a Huawei product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Nip6300 Firmware +13
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-28963 MEDIUM PATCH This Month

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Service Provider Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-26069 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2021-25919 MEDIUM PATCH This Month

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
69.9%
CVE-2021-25918 MEDIUM PATCH This Month

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-25917 MEDIUM PATCH This Month

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-28964 MEDIUM This Month

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Denial Of Service Race Condition Linux Kernel Fedora +5
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-22310 MEDIUM This Month

There is an information leakage vulnerability in some huawei products. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Nip6300 Firmware Nip6600 Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21438 MEDIUM This Month

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Faq Otrs
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-21437 MEDIUM This Month

Agents are able to see linked Config Items without permissions, which are defined in General Catalog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Itsmconfigurationmanagement Otrscisincustomerfrontend
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy