Skip to main content
CVE-2021-21430 MEDIUM POC PATCH This Month

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Openapi Generator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29022 MEDIUM POC This Month

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Invoiceplane
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-3003 MEDIUM POC This Month

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Desktop Telematico
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-32489 MEDIUM POC This Month

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow OpenSSL Yubihsm Shell
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2021-29502 MEDIUM PATCH This Month

WarnSystem is a cog (plugin) for the Red discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Warnsystem
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29501 MEDIUM PATCH This Month

Ticketer is a command based ticket system cog (plugin) for the red discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dav Cogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20577 MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cloud Pak For Security
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20717 MEDIUM PATCH This Month

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-20559 MEDIUM PATCH This Month

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Control Desk
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32053 MEDIUM PATCH This Month

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Hapi Fhir
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-23016 MEDIUM This Month

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25645 MEDIUM This Month

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-32056 MEDIUM PATCH This Month

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass Imap Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy