Skip to main content
CVE-2021-28113 MEDIUM POC THREAT This Month

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Access Gateway
NVD
CVSS 3.1
6.7
EPSS
22.3%
CVE-2021-30074 MEDIUM POC PATCH This Month

docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docsify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29011 MEDIUM POC This Month

DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dma Radius Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-25894 MEDIUM POC PATCH This Month

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Magnolia Cms
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-29661 MEDIUM POC This Month

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opc Toolbox
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25893 MEDIUM POC This Month

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Magnolia Cms
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-28941 MEDIUM POC This Month

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Magpierss
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-3374 MEDIUM POC THREAT This Month

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Shiny Server
NVD GitHub
CVSS 3.1
5.3
EPSS
14.3%
CVE-2021-30003 MEDIUM POC This Month

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia G 120W F Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-30126 MEDIUM This Month

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controlcenter
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-1801 MEDIUM This Month

This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os Iphone Os macOS +4
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-1799 MEDIUM This Month

A port redirection issue was addressed with additional port validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-22865 MEDIUM This Month

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-1765 MEDIUM This Month

This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22201 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2021-21400 MEDIUM PATCH This Month

wire-webapp is an open-source front end for Wire, a secure collaboration platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Wire Webapp
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21532 MEDIUM This Month

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Thinos
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2021-30002 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2021-30125 MEDIUM This Month

Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jamf
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-1879 MEDIUM KEV THREAT This Month

This issue was addressed by improved management of object lifetimes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados Iphone Os Watchos
NVD
CVSS 3.1
6.1
EPSS
7.1%
CVE-2021-29652 MEDIUM PATCH This Month

Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pomerium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29651 MEDIUM PATCH This Month

Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pomerium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28124 MEDIUM This Month

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cohesity Dataplatform
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-30004 MEDIUM PATCH This Month

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hostapd Wpa Supplicant
NVD VulDB
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-21529 MEDIUM This Month

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service System Update
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1800 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-1797 MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1791 MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-1786 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1781 MEDIUM This Month

A privacy issue existed in the handling of Contact cards. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-1778 MEDIUM This Month

An out-of-bounds read issue existed in the curl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Denial Of Service Information Disclosure Ipados +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-1773 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-1769 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1766 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-1760 MEDIUM This Month

A memory corruption issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +5
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-22196 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-1780 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21533 MEDIUM This Month

Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-22202 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all previous versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-22198 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-22197 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy