Skip to main content
CVE-2021-29416 MEDIUM POC This Month

An issue was discovered in PortSwigger Burp Suite before 2021.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Burp Suite
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29267 MEDIUM POC This Month

Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sherlockim
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29274 MEDIUM POC This Month

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-27352 MEDIUM POC This Month

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Ilch Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-27244 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-27241 MEDIUM This Month

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Premium Security
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-3391 MEDIUM This Month

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobile Work
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy