Skip to main content
CVE-2021-29449 MEDIUM POC THREAT This Month

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Privilege Escalation Pi Hole
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
11.4%
CVE-2021-27180 MEDIUM POC PATCH This Month

An issue was discovered in MDaemon before 20.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mdaemon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27288 MEDIUM POC This Month

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26812 MEDIUM POC THREAT This Month

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Meet
NVD GitHub
CVSS 3.1
6.1
EPSS
97.5%
CVE-2021-28856 MEDIUM POC PATCH This Month

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Deark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-28855 MEDIUM POC PATCH This Month

In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Deark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30494 MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-30493 MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-29338 MEDIUM POC This Month

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Openjpeg Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-27815 MEDIUM POC PATCH This Month

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Exif Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-26805 MEDIUM POC This Month

Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-27989 MEDIUM POC This Month

Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appspace
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-28060 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SSRF Group Office
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-28048 MEDIUM This Month

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-27250 MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

D-Link Information Disclosure Dap 2020 Firmware
NVD
CVSS 3.1
6.5
EPSS
66.0%
CVE-2021-27247 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Wechat
NVD
CVSS 3.1
6.5
EPSS
6.4%
CVE-2021-27604 MEDIUM This Month

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Java Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27599 MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-26030 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
82.3%
CVE-2021-26832 MEDIUM This Month

Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Priority Enterprise Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26031 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy