Skip to main content
CVE-2021-30114 MEDIUM POC This Month

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enterprise Resource Planning
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-30112 MEDIUM POC This Month

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enterprise Resource Planning
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-28924 MEDIUM POC This Month

Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Network Analyzer
NVD
CVSS 3.1
6.1
EPSS
9.2%
CVE-2021-30113 MEDIUM POC This Month

A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Resource Planning
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-30111 MEDIUM POC This Month

A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Resource Planning
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3012 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Arcgis Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3448 MEDIUM POC PATCH This Month

A flaw was found in dnsmasq in versions before 2.85. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Dnsmasq Enterprise Linux Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD
CVSS 3.1
4.0
EPSS
2.0%
CVE-2021-3482 MEDIUM PATCH This Month

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Exiv2 Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-22513 MEDIUM PATCH This Month

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22512 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22511 MEDIUM PATCH This Month

Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22312 MEDIUM This Month

There is a memory leak vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ips Module Firmware Ngfw Module Firmware Secospace Usg6300 Firmware +9
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22115 MEDIUM This Month

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20480 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-28174 MEDIUM This Month

Mitake smart stock selection system contains a broken authentication vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Stock Selection
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3413 MEDIUM This Month

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Red Hat Information Disclosure Foreman Azurerm Satellite
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2021-1415 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization RCE Rv340 Firmware Rv340W Firmware +2
NVD
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-1414 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization RCE Rv340 Firmware Rv340W Firmware +2
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2021-1413 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Deserialization RCE Rv340 Firmware Rv340W Firmware +2
NVD
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-22510 MEDIUM PATCH This Month

Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Application Automation Tools
NVD
CVSS 3.1
6.1
EPSS
5.0%
CVE-2021-27945 MEDIUM PATCH This Month

The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Squirro
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-1463 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1409 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager Unified Communications Manager Im Presence Service +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1408 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1407 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1380 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi XSS Unified Communications Manager Unified Communications Manager Im Presence Service +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28686 MEDIUM This Month

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Gputweak Ii
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1406 MEDIUM This Month

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-1420 MEDIUM This Month

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2021-1467 MEDIUM This Month

A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Cisco Authentication Bypass Webex Meetings
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-1399 MEDIUM This Month

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-1475 MEDIUM PATCH This Month

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Cisco Code Injection Umbrella
NVD
CVSS 3.1
4.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy