Skip to main content
CVE-2021-29484 MEDIUM POC PATCH This Month

Ghost is a Node.js CMS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js XSS Ghost
NVD GitHub
CVSS 3.1
6.8
EPSS
7.9%
CVE-2021-30227 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-25810 MEDIUM POC This Month

Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mercury X18G Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-28280 MEDIUM POC PATCH This Month

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP XSS Phpfusion
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21417 MEDIUM POC This Month

fluidsynth is a software synthesizer based on the SoundFont 2 specifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Fluidsynth Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30219 MEDIUM POC PATCH This Month

samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Samurai
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30218 MEDIUM POC PATCH This Month

samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Samurai
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30027 MEDIUM POC PATCH This Month

md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Md4C
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30048 MEDIUM POC This Month

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Novel Boutique House Plus
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-1488 MEDIUM This Month

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1476 MEDIUM This Month

A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-1489 MEDIUM This Month

A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Device Manager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31419 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31418 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31417 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29141 MEDIUM This Month

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Clearpass
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29138 MEDIUM This Month

A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Clearpass
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29144 MEDIUM This Month

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Clearpass
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-25214 MEDIUM PATCH This Month

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Sinec Infrastructure Network Services +11
NVD
CVSS 3.1
6.5
EPSS
5.9%
CVE-2021-21391 MEDIUM PATCH This Month

CKEditor 5 provides a WYSIWYG editing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Microsoft Denial Of Service Ckeditor5 Engine Ckeditor5 Font +6
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-29137 MEDIUM This Month

A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Aruba Airwave
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31879 MEDIUM This Month

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wget Brocade Fabric Operating System Firmware Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-1256 MEDIUM This Month

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Information Disclosure Firepower Threat Defense
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-31432 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2021-31431 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2021-31430 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2021-31423 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2021-31421 MEDIUM This Month

This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2021-31427 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. Rated medium severity (CVSS 5.6). No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2021-1087 MEDIUM This Month

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Virtual Gpu Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1369 MEDIUM This Month

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service XXE Firepower Device Manager
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-29146 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Clearpass
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-1495 MEDIUM This Month

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firepower Threat Defense Ios Xe Snort
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-1458 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1457 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1456 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1455 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-29139 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Clearpass
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-29142 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Clearpass
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-1477 MEDIUM This Month

A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Secure Firewall Management Center
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy