Skip to main content
CVE-2021-28459 MEDIUM POC PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft XSS Azure Devops Server
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-30637 MEDIUM POC This Month

htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Htmly
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2021-30044 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30042 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30039 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30034 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-30030 MEDIUM POC This Month

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-28973 MEDIUM POC This Month

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Helix Alm
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-29425 MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io Debian Linux Access Manager +57
NVD
CVSS 3.1
4.8
EPSS
10.6%
CVE-2021-28447 MEDIUM POC PATCH This Month

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
4.4
EPSS
2.0%
CVE-2021-27094 MEDIUM POC PATCH This Month

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
4.4
EPSS
1.0%
CVE-2021-29437 MEDIUM PATCH This Month

ScratchOAuth2 is an Oauth implementation for Scratch. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Scratchoauth2
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-27092 MEDIUM PATCH This Month

Azure AD Web Sign-in Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
2.6%
CVE-2021-0468 MEDIUM This Month

In LK, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2021-29435 MEDIUM PATCH This Month

trestle-auth is an authentication plugin for the Trestle admin framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Trestle Auth
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-28442 MEDIUM PATCH This Month

Windows TCP/IP Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
6.5%
CVE-2021-28441 MEDIUM PATCH This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28328 MEDIUM PATCH This Month

Windows DNS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-28325 MEDIUM PATCH This Month

Windows SMB Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
6.5
EPSS
61.6%
CVE-2021-28323 MEDIUM PATCH This Month

Windows DNS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2021-28311 MEDIUM PATCH This Month

Windows Application Compatibility Cache Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-27067 MEDIUM PATCH This Month

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Team Foundation Server Azure Devops Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-27609 MEDIUM This Month

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Focused Run
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-27603 MEDIUM This Month

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21485 MEDIUM This Month

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21729 MEDIUM This Month

Some ZTE products have CSRF vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Zxhn H168N Firmware Zxhn H108N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-26413 MEDIUM PATCH This Month

Windows Installer Spoofing Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2021-29370 MEDIUM This Month

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Cheetah Browser
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28444 MEDIUM PATCH This Month

Windows Hyper-V Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
5.7
EPSS
1.7%
CVE-2021-27079 MEDIUM PATCH This Month

Windows Media Photo Codec Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.7
EPSS
2.9%
CVE-2021-28456 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +2
NVD
CVSS 3.1
5.5
EPSS
3.7%
CVE-2021-28443 MEDIUM PATCH This Month

Windows Console Driver Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-28438 MEDIUM PATCH This Month

Windows Console Driver Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-28437 MEDIUM PATCH This Month

Windows Installer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28435 MEDIUM PATCH This Month

Windows Event Tracing Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28326 MEDIUM PATCH This Month

Windows AppX Deployment Server Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-28318 MEDIUM PATCH This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28317 MEDIUM PATCH This Month

Microsoft Windows Codecs Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28309 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-27093 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-26417 MEDIUM PATCH This Month

Windows Overlay Filter Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-0471 MEDIUM PATCH This Month

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0444 MEDIUM PATCH This Month

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0436 MEDIUM PATCH This Month

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Integer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0428 MEDIUM PATCH This Month

In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0400 MEDIUM PATCH This Month

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-28646 MEDIUM This Month

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29438 MEDIUM PATCH This Month

The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Nextcloud XSS Nextcloud Dialogs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-27601 MEDIUM This Month

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27600 MEDIUM This Month

SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Manufacturing Execution
NVD
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy