Skip to main content
CVE-2021-31642 MEDIUM POC THREAT This Month

A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Semac S2 Firmware Semac D1 Firmware Semac D2 Firmware +8
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
43.7%
CVE-2021-24333 MEDIUM POC This Month

The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Content Copy Protection Prevent Image Save
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-24318 MEDIUM POC This Month

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Listeo
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-24328 MEDIUM POC This Month

The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Wp Login Security And History
NVD WPScan
CVSS 3.1
6.2
EPSS
0.6%
CVE-2021-31641 MEDIUM POC This Month

An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bf 430 Firmware Bf 431 Firmware Bf 450M Firmware Semac S2 Firmware +11
NVD
CVSS 3.1
6.1
EPSS
5.1%
CVE-2021-24335 MEDIUM POC This Month

The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Car Repair Services Auto Mechanic
NVD WPScan
CVSS 3.1
6.1
EPSS
3.9%
CVE-2021-24320 MEDIUM POC THREAT This Month

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bello
NVD WPScan
CVSS 3.1
6.1
EPSS
10.8%
CVE-2021-24317 MEDIUM POC This Month

The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Listeo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24316 MEDIUM POC This Month

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mediumish
NVD WPScan
CVSS 3.1
6.1
EPSS
6.4%
CVE-2021-31643 MEDIUM POC THREAT This Month

An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bf 631 Firmware Bf 630 Firmware Semac S2 Firmware Semac D1 Firmware +7
NVD
CVSS 3.1
5.4
EPSS
88.4%
CVE-2021-24334 MEDIUM POC This Month

The Instant Images - One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Instant Images One Click Unsplash Uploads
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24329 MEDIUM POC This Month

The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS WP Super Cache
NVD WPScan
CVSS 3.1
5.4
EPSS
3.3%
CVE-2021-24322 MEDIUM POC This Month

The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Database Backup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24319 MEDIUM POC This Month

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bello
NVD WPScan
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-24313 MEDIUM POC This Month

The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Prayer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24309 MEDIUM POC This Month

The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the <script> HTML tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Weekly Schedule
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-25932 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Meridian Opennms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-24331 MEDIUM POC This Month

The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smooth Scroll Page Up Down Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24330 MEDIUM POC This Month

The Funnel Builder by CartFlows - Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cartflows
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24310 MEDIUM POC This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-32652 MEDIUM POC This Month

Nextcloud Mail is a mail app for the Nextcloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-32651 MEDIUM POC PATCH This Month

OneDev is a development operations platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection LDAP Onedev
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-3543 MEDIUM This Month

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Nitro Enclaves Enterprise Linux +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3515 MEDIUM PATCH This Month

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PostgreSQL Command Injection Pglogical
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-26111 MEDIUM This Month

A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiswitch
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-25640 MEDIUM PATCH This Month

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Open Redirect Dubbo
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2021-23021 MEDIUM This Month

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nginx Information Disclosure Nginx Controller
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-23020 MEDIUM This Month

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Controller
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3424 MEDIUM PATCH This Month

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Single Sign On
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-23388 MEDIUM PATCH This Month

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Forms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-20585 MEDIUM This Month

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-3425 MEDIUM This Month

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-32657 MEDIUM This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2021-33182 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Diskstation Manager
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-20306 MEDIUM This Month

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Descision Manager Jbpm Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy