Skip to main content
CVE-2021-34204 MEDIUM POC This Month

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 2640 Us Firmware
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
1.4%
CVE-2021-32623 MEDIUM POC PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32245 MEDIUM POC This Month

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pagekit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32244 MEDIUM POC This Month

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moodle
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-34801 MEDIUM POC This Month

Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Valine
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-31159 MEDIUM POC THREAT This Month

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus Msp
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
17.8%
CVE-2021-32033 MEDIUM POC This Month

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Slim Nfc 70 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2021-28979 MEDIUM This Month

SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safenet Keysecure
NVD VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-1567 MEDIUM This Month

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected. Rated medium severity (CVSS 6.7). No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1570 MEDIUM This Month

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Jabber
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-1569 MEDIUM This Month

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Jabber
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-1524 MEDIUM This Month

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meeting Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20488 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20483 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-32676 MEDIUM This Month

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nextcloud Session Fixation Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-1571 MEDIUM PATCH This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
6.1
EPSS
9.7%
CVE-2021-1543 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Authentication Bypass Sf220 24 Firmware Sf220 24P Firmware +7
NVD
CVSS 3.1
6.1
EPSS
9.3%
CVE-2021-1395 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Intelligence Center Packaged Contact Center Enterprise Unified Contact Center Enterprise +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3535 MEDIUM This Month

Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexpose
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-31857 MEDIUM This Month

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho Information Disclosure Manageengine Password Manager Pro
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2021-1568 MEDIUM This Month

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-27487 MEDIUM This Month

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Defibrillator Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-27481 MEDIUM This Month

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Defibrillator Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21668 MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
CVSS 3.1
5.4
EPSS
76.0%
CVE-2021-21667 MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
CVSS 3.1
5.4
EPSS
75.7%
CVE-2021-27479 MEDIUM This Month

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Defibrillator Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-34683 MEDIUM This Month

An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Document System
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-32659 MEDIUM PATCH This Month

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Matrix Appservice Bridge
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-28815 MEDIUM This Month

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Information Disclosure Myqnapcloud Link
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-20567 MEDIUM PATCH This Month

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy