Skip to main content
CVE-2021-32426 MEDIUM POC This Month

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tw100 S4W1Ca Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33557 MEDIUM POC PATCH This Month

An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mantisbt
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-32694 MEDIUM POC PATCH This Month

Nextcloud Android app is the Android client for Nextcloud. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Nextcloud Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-32681 MEDIUM POC PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python XSS Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-32575 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-31521 MEDIUM PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-31818 MEDIUM This Month

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Server
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy