Skip to main content
CVE-2021-27956 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-3313 MEDIUM POC PATCH This Month

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Plone
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-25933 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-25929 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-32632 MEDIUM POC PATCH This Month

Pajbot is a Twitch chat bot. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pajbot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-25930 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Horizon Meridian
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-20719 MEDIUM This Month

RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Rfntps Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-22339 MEDIUM This Month

There is a denial of service vulnerability in some versions of ManageOne. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Manageone
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-23386 MEDIUM PATCH This Month

This affects the package dns-packet before 5.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dns Packet
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-29683 MEDIUM This Month

IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-29659 MEDIUM This Month

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Owncloud Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-27467 MEDIUM This Month

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Authentication Bypass X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27465 MEDIUM This Month

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29692 MEDIUM PATCH This Month

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-3426 MEDIUM PATCH This Month

There's a flaw in Python 3's pydoc. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Fedora Debian Linux Software Collections +6
NVD
CVSS 3.1
5.7
EPSS
1.9%
CVE-2021-22409 MEDIUM This Month

There is a denial of service vulnerability in some versions of ManageOne. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Manageone
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-29687 MEDIUM This Month

IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29682 MEDIUM This Month

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-27463 MEDIUM This Month

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-3536 MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid Descision Manager Integration Camel K +5
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy