Skip to main content
CVE-2021-20196 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3486 MEDIUM POC This Month

GLPi 9.5.4 does not sanitize the metadata. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-30471 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30470 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30469 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Podofo Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-28170 MEDIUM POC PATCH This Month

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jakarta Expression Language Quarkus Communications Cloud Native Core Policy Weblogic Server
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-33469 MEDIUM POC This Month

COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Covid19 Testing Management System
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-31924 MEDIUM This Month

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pam U2F Fedora
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-22741 MEDIUM PATCH This Month

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-22740 MEDIUM This Month

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20486 MEDIUM PATCH This Month

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26034 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-26033 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-26032 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-22739 MEDIUM This Month

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-27676 MEDIUM PATCH This Month

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Centreon
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3527 MEDIUM PATCH This Month

A flaw was found in the USB redirector device (usb-redir) of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20297 MEDIUM PATCH This Month

A flaw was found in NetworkManager in versions before 1.30.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Networkmanager Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20191 MEDIUM PATCH This Month

A flaw was found in ansible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtualization Ansible Ansible Tower Cisco Nx Os Collection +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20178 MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-29253 MEDIUM This Month

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-26680 MEDIUM This Month

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vfairs
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29252 MEDIUM This Month

RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-25643 MEDIUM This Month

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2020-26679 MEDIUM This Month

vFairs 3.3 is affected by Insecure Permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass PHP Vfairs
NVD VulDB
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20177 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of string matching within a packet. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy