Skip to main content
CVE-2020-21839 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-21817 MEDIUM POC This Month

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21815 MEDIUM POC This Month

A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21835 MEDIUM POC This Month

A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21834 MEDIUM POC This Month

A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libredwg
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-24324 MEDIUM POC This Month

The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS All 404 Redirect To Homepage
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-32618 MEDIUM POC PATCH This Month

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Python Flask Security
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-33041 MEDIUM POC This Month

vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft XSS RCE Vmd
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24325 MEDIUM POC This Month

The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Redirection Plugin
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24299 MEDIUM POC This Month

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Redi Restaurant Reservation
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
5.5%
CVE-2021-24288 MEDIUM POC This Month

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Acymailing
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-27342 MEDIUM POC This Month

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 842E Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
4.6%
CVE-2021-23384 MEDIUM POC PATCH This Month

The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Koa Remove Trailing Slashes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24326 MEDIUM POC This Month

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS All 404 Redirect To Homepage
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24292 MEDIUM POC This Month

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Happy Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29023 MEDIUM POC PATCH This Month

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Invoiceplane
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-24327 MEDIUM POC This Month

The SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Redirection Plugin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24323 MEDIUM POC PATCH This Month

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24315 MEDIUM POC This Month

The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Givewp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-25264 MEDIUM This Month

In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Sophos Home Intercept X
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-32456 MEDIUM This Month

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Cap Prx Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-3524 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Ceph Ceph Storage Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-32455 MEDIUM This Month

SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device´s network to cause a denial of service condition on the device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cap Prx Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29046 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29048 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29045 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29051 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29044 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24290 MEDIUM This Month

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Store Locator Plus
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29043 MEDIUM PATCH This Month

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Digital Experience Platform Dxp Liferay Portal
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-32617 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-29052 MEDIUM PATCH This Month

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Dxp Liferay Portal
NVD VulDB
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy