Skip to main content
CVE-2021-25327 MEDIUM POC This Month

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Rn510 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20080 MEDIUM POC THREAT This Month

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
93.1%
CVE-2021-25326 MEDIUM POC This Month

Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rn510 Firmware
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-30159 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-30156 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-30155 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-30152 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-25375 MEDIUM This Month

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Email
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21432 MEDIUM PATCH This Month

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Vela
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-25363 MEDIUM This Month

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2021-25362 MEDIUM This Month

An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2021-30458 MEDIUM PATCH This Month

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Parsoid
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-25357 MEDIUM This Month

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25378 MEDIUM This Month

Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Smartthings
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-25376 MEDIUM This Month

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Email
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-21728 MEDIUM This Month

A ZTE product has a configuration error vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxa10 C300M Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy