Skip to main content
CVE-2021-27933 MEDIUM POC THREAT This Month

pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD
CVSS 3.1
6.1
EPSS
26.6%
CVE-2021-3508 MEDIUM POC PATCH This Month

A flaw was found in PDFResurrect in version 0.22b. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pdfresurrect
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-29388 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Budget Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29387 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Equipment Inventory System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-23364 MEDIUM POC PATCH This Month

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Browserslist
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-31777 MEDIUM POC PATCH This Month

The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dynamic Content Elements
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-25164 MEDIUM This Month

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Aruba Airwave
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22330 MEDIUM This Month

There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption P30 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-22327 MEDIUM This Month

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption P30 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-31779 MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Yoast Seo
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-29159 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-2321 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Oracle Information Disclosure Authentication Bypass Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2021-31778 MEDIUM PATCH This Month

The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Media2Click
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31866 MEDIUM This Month

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-31865 MEDIUM This Month

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-31864 MEDIUM This Month

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-3511 MEDIUM This Month

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Bhr 4Grv Firmware Dwr Hp G300Nh Firmware Hw 450Hp Zwe Firmware +21
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy