Skip to main content
CVE-2021-21402 MEDIUM POC PATCH THREAT This Month

Jellyfin is a Free Software Media System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Jellyfin
NVD GitHub
CVSS 3.1
6.5
EPSS
79.9%
CVE-2021-27310 MEDIUM POC This Month

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clansphere
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2021-27309 MEDIUM POC This Month

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clansphere
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-23362 MEDIUM POC PATCH This Month

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Hosted Git Info Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
5.3
EPSS
3.6%
CVE-2021-27969 MEDIUM POC This Month

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolphin
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-27531 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27530 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27529 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27528 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27527 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27526 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynpg
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-27908 MEDIUM POC PATCH This Month

In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mautic
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-21376 MEDIUM PATCH This Month

OMERO.web is open source Django-based software for managing microscopy imaging. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Omero Web
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-21338 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect PHP Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-3409 MEDIUM PATCH This Month

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Qemu Enterprise Linux +2
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-28100 MEDIUM This Month

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Priam
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20227 MEDIUM PATCH This Month

A flaw was found in SQLite's SELECT query functionality (src/select.c). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service RCE Memory Corruption Sqlite +6
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-20219 MEDIUM This Month

A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-21377 MEDIUM PATCH This Month

OMERO.web is open source Django-based software for managing microscopy imaging. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Omero Web
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-21370 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21358 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21340 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-28099 MEDIUM This Month

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hollow
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy