Skip to main content
CVE-2021-29447 MEDIUM POC THREAT This Month

Wordpress is an open source CMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XXE Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
85.7%
CVE-2021-31229 MEDIUM POC This Month

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30209 MEDIUM POC This Month

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27545 MEDIUM POC This Month

SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-3243 MEDIUM POC This Month

Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wfilter Internet Content Filter
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21087 MEDIUM POC PATCH THREAT This Month

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Coldfusion
NVD
CVSS 3.1
5.4
EPSS
37.1%
CVE-2021-27129 MEDIUM POC This Month

CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Casap Automated Enrollment System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27672 MEDIUM POC PATCH This Month

SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-27673 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-27544 MEDIUM POC This Month

Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Beauty Parlour Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-0488 MEDIUM PATCH This Month

In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-29431 MEDIUM PATCH This Month

Sydent is a reference Matrix identity server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sydent
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-28055 MEDIUM PATCH This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Centreon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-26582 MEDIUM This Month

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Red Hat HP Icewall Sso Dgfw
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29432 MEDIUM PATCH This Month

Sydent is a reference matrix identity server. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sydent
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-21096 MEDIUM This Month

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Adobe Authentication Bypass Bridge
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-23886 MEDIUM This Month

Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Data Loss Prevention Endpoint
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30479 MEDIUM This Month

An issue was discovered in Zulip Server before 3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-29450 MEDIUM This Month

Wordpress is an open source CMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
2.3%
CVE-2021-29433 MEDIUM PATCH This Month

Sydent is a reference Matrix identity server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sydent
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-23884 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Content Security Reporter
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-30478 MEDIUM This Month

An issue was discovered in Zulip Server before 3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-30477 MEDIUM This Month

An issue was discovered in Zulip Server before 3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zulip Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-26075 MEDIUM PATCH This Month

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.3
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy