Skip to main content
CVE-2021-32718 MEDIUM POC PATCH This Month

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Grafana RCE XSS Rabbitmq
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-32719 MEDIUM POC PATCH This Month

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Rabbitmq
NVD GitHub
CVSS 3.1
4.8
EPSS
1.4%
CVE-2021-20100 MEDIUM This Month

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Nessus
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-20099 MEDIUM This Month

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Nessus
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-32723 MEDIUM PATCH This Month

Prism is a syntax highlighting library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Prism Application Express
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-32722 MEDIUM PATCH This Month

GlobalNewFiles is a mediawiki extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Globalnewfiles
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20573 MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Security Identity Manager Adapter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-20572 MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Security Identity Manager Adapter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-20494 MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Security Identity Manager Adapter
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-28573 MEDIUM PATCH This Month

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2021-28563 MEDIUM PATCH This Month

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-35303 MEDIUM This Month

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35298 MEDIUM This Month

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-34254 MEDIUM This Month

Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Umbraco Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21084 MEDIUM This Month

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-20751 MEDIUM PATCH This Month

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ec Cube
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-20750 MEDIUM PATCH This Month

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ec Cube
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-28623 MEDIUM This Month

Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Adobe Premiere Elements
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-28597 MEDIUM This Month

Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Adobe Photoshop Elements
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-29157 MEDIUM This Month

Dovecot before 2.3.15 allows ../ Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dovecot Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-29775 MEDIUM PATCH This Month

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Cloud Pak For Automation
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-20749 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fudousan Plugin Fudousan Plugin Pro Multi User Fudousan Plugin Pro Single User
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-20746 MEDIUM This Month

Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Popular Posts
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-35302 MEDIUM This Month

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-35301 MEDIUM This Month

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-32720 MEDIUM PATCH This Month

Sylius is an Open Source eCommerce platform on top of Symfony. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sylius
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-35525 MEDIUM PATCH This Month

PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Postsrsd
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-28585 MEDIUM PATCH This Month

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Magento
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-32496 MEDIUM This Month

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Visionary S Cx Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-28556 MEDIUM PATCH This Month

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
4.8
EPSS
1.4%
CVE-2021-33515 MEDIUM This Month

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Dovecot Fedora Debian Linux
NVD
CVSS 3.1
4.8
EPSS
2.8%
CVE-2021-29693 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
4.4
EPSS
0.6%
CVE-2021-35300 MEDIUM PATCH This Month

Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Zammad
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-29751 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20413 MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-28579 MEDIUM This Month

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Connect
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-28576 MEDIUM This Month

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.1
4.3
EPSS
2.6%
CVE-2021-28575 MEDIUM This Month

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.1
4.3
EPSS
2.8%
CVE-2021-28574 MEDIUM This Month

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.1
4.3
EPSS
2.8%
CVE-2021-28583 MEDIUM PATCH This Month

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Authentication Bypass Adobe Magento
NVD
CVSS 3.1
4.2
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy