Skip to main content
CVE-2021-31207 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft Exchange Server Security Feature Bypass Vulnerability

NVD
CVSS 3.1
6.6
EPSS
93.8%
Threat
9.1
CVE-2021-31195 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Authentication Bypass Exchange Server
NVD
CVSS 3.1
6.5
EPSS
73.7%
CVE-2021-32560 MEDIUM POC PATCH This Month

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-31537 MEDIUM POC This Month

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sis Rewe Go
NVD
CVSS 3.1
6.1
EPSS
7.8%
CVE-2021-32561 MEDIUM POC PATCH This Month

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Octoprint
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-21990 MEDIUM POC This Month

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS VMware Workspace One Unified Endpoint Management
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32604 MEDIUM POC This Month

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Serv U
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-32573 MEDIUM POC This Month

The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js XSS Express Cart
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-26144 MEDIUM CISA This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Galaxy I9305 Firmware C 250 Firmware C 260 Firmware +15
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-26143 MEDIUM CISA This Month

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware C 75 Firmware O 90 Firmware +3
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-26141 MEDIUM CISA This Month

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware Meraki Gr10 Firmware Meraki Gr60 Firmware +92
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-26140 MEDIUM CISA This Month

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware Scalance W1748 1 Firmware Scalance W1750D Firmware +191
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-26146 MEDIUM CISA This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-26139 MEDIUM PATCH CISA This Month

An issue was discovered in the kernel in NetBSD 7.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Netbsd Debian Linux C 100 Firmware C 110 Firmware +162
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-26147 MEDIUM PATCH CISA This Month

An issue was discovered in the Linux kernel 5.8.9. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required.

Code Injection Linux Linux Kernel Debian Linux C 75 Firmware +5
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2020-26145 MEDIUM PATCH This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Samsung Code Injection Galaxy I9305 Firmware 6Gk5763 1Al00 7Da0 Firmware 6Gk5766 1Ge00 7Da0 Firmware +10
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
4.3%
CVE-2021-27611 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-31209 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Exchange Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-31205 MEDIUM PATCH This Month

Windows SMB Client Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2021-26421 MEDIUM PATCH This Month

Skype for Business and Lync Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable.

Information Disclosure Lync Server Skype For Business Server
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-27619 MEDIUM This Month

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Commerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28461 MEDIUM PATCH This Month

Dynamics Finance and Operations Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-27612 MEDIUM This Month

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Microsoft Gui For Windows
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21648 MEDIUM PATCH This Month

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Credentials
NVD
CVSS 3.1
6.1
EPSS
11.3%
CVE-2021-31911 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31904 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31903 MEDIUM This Month

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31191 MEDIUM PATCH This Month

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-31185 MEDIUM PATCH This Month

Windows Desktop Bridge Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-31184 MEDIUM PATCH This Month

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-31178 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Microsoft 365 Apps Excel +4
NVD
CVSS 3.1
5.5
EPSS
16.0%
CVE-2021-31174 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2021-28479 MEDIUM PATCH This Month

Windows CSC Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-3504 MEDIUM PATCH This Month

A flaw was found in the hivex library in versions before 1.3.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Hivex Enterprise Linux +2
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2021-21649 MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Dashboard View
NVD
CVSS 3.1
5.4
EPSS
72.7%
CVE-2021-3315 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31908 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27733 MEDIUM This Month

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32544 MEDIUM This Month

Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Igt
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-30174 MEDIUM This Month

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cloudiso
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-31173 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-29471 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-31907 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31900 MEDIUM This Month

In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Code With Me
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-27618 MEDIUM This Month

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP File Upload Netweaver Process Integration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-27617 MEDIUM This Month

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-26418 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
1.2%
CVE-2021-21654 MEDIUM PATCH This Month

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure P4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-21653 MEDIUM PATCH This Month

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Atlassian Information Disclosure Xray Test Management For Jira
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21651 MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
4.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy