Skip to main content
CVE-2021-34546 MEDIUM POC This Month

An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Netsetman
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2021-26199 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26198 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26197 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26194 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-27347 MEDIUM POC This Month

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-27345 MEDIUM POC This Month

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-34557 MEDIUM POC PATCH This Month

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Xscreensaver Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2021-34547 MEDIUM POC This Month

PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Prtg Network Monitor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-21735 MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-20329 MEDIUM PATCH This Month

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Go Driver
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21664 MEDIUM PATCH This Month

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Xebialabs Xl Deploy
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21666 MEDIUM PATCH This Month

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Kiuwan
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-20293 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Resteasy Oncommand Insight
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-30641 MEDIUM This Month

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server Debian Linux Fedora +3
NVD
CVSS 3.1
5.3
EPSS
52.3%
CVE-2021-31927 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Loyalty Experience Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-21663 MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21662 MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21661 MEDIUM PATCH This Month

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-31929 MEDIUM This Month

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Loyalty Experience Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy