Skip to main content
CVE-2021-28211 MEDIUM POC This Month

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-3256 MEDIUM POC This Month

KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Kuaifancms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22912 MEDIUM POC This Month

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22906 MEDIUM POC This Month

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Denial Of Service End To End Encryption
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22905 MEDIUM POC This Month

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-34540 MEDIUM POC This Month

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webaccess
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-22895 MEDIUM POC PATCH This Month

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nextcloud Information Disclosure Desktop Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-25413 MEDIUM POC This Month

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25397 MEDIUM POC This Month

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25393 MEDIUM POC This Month

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25392 MEDIUM POC This Month

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22897 MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +18
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-26829 MEDIUM POC KEV THREAT This Month

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Scadabr
NVD
CVSS 3.1
5.4
EPSS
48.0%
CVE-2021-25391 MEDIUM POC This Month

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2021-25390 MEDIUM POC This Month

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2021-25396 MEDIUM This Month

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-23204 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-23136 MEDIUM This Month

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-22913 MEDIUM This Month

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Deck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22181 MEDIUM This Month

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-25419 MEDIUM This Month

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-25416 MEDIUM This Month

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-25406 MEDIUM This Month

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gear S
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-26997 MEDIUM This Month

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E Series Santricity Os Controller
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-25395 MEDIUM KEV THREAT This Month

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Authentication Bypass Android
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-25394 MEDIUM KEV THREAT This Month

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Rated medium severity (CVSS 6.4). No vendor patch available.

Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-22903 MEDIUM PATCH This Month

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Rails
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-25389 MEDIUM This Month

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2021-0484 MEDIUM PATCH This Month

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0480 MEDIUM PATCH This Month

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28689 MEDIUM This Month

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28687 MEDIUM This Month

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-25423 MEDIUM This Month

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watch Active2 Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25422 MEDIUM This Month

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watch Active Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25421 MEDIUM This Month

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch 3 Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25420 MEDIUM This Month

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25415 MEDIUM This Month

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25405 MEDIUM This Month

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Notes
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-28805 MEDIUM This Month

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qnap Information Disclosure Qss
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-23393 MEDIUM PATCH This Month

This affects the package Flask-Unchained before 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Flask Unchained
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22764 MEDIUM This Month

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerlogic Pm5560 Firmware Powerlogic Pm5561 Firmware Powerlogic Pm5562 Firmware Powerlogic Pm5563 Firmware
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2021-22749 MEDIUM This Month

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon X80 Bmxnor0200H Rtu Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-25425 MEDIUM This Month

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-26993 MEDIUM This Month

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E Series Santricity Os Controller
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-22769 MEDIUM This Month

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Easergy T300 Firmware
NVD VulDB
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-23211 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-23182 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-25411 MEDIUM This Month

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-23230 MEDIUM This Month

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-22896 MEDIUM PATCH This Month

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Nextcloud Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy