Skip to main content
CVE-2021-26835 MEDIUM POC This Month

No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zettlr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-26834 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Znote
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33347 MEDIUM POC This Month

An issue was discovered in JPress v3.3.0 and below. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33577 MEDIUM POC This Month

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lexicom
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-34815 MEDIUM POC This Month

CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canopy
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-32954 MEDIUM This Month

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webaccess Scada
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-32956 MEDIUM This Month

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Webaccess Scada
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32536 MEDIUM This Month

The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mcusystem
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23846 MEDIUM This Month

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure B426 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-21997 MEDIUM PATCH This Month

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure VMware Tools
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-32696 MEDIUM PATCH This Month

The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js XSS Striptags
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34808 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SSRF Media Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-34811 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34553 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy