Skip to main content
CVE-2021-26597 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload Netact
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22889 MEDIUM POC PATCH THREAT This Month

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD GitHub
CVSS 3.1
6.1
EPSS
36.3%
CVE-2021-22888 MEDIUM POC PATCH THREAT This Month

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Revive Adserver
NVD GitHub
CVSS 3.1
6.1
EPSS
19.8%
CVE-2021-3443 MEDIUM POC This Month

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-26596 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia Netact
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29010 MEDIUM POC This Month

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29009 MEDIUM POC This Month

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29008 MEDIUM POC This Month

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-29095 MEDIUM This Month

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Memory Corruption Arcgis Server
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-29094 MEDIUM This Month

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Arcgis Server
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-29093 MEDIUM This Month

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Arcgis Server
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-27195 MEDIUM This Month

Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Vision Pro
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-3449 MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-3467 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-3446 MEDIUM PATCH This Month

A flaw was found in libtpms in versions before 0.8.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

OpenSSL Information Disclosure Libtpms Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25367 MEDIUM This Month

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Path Traversal Notes
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25354 MEDIUM This Month

Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy