Skip to main content
CVE-2021-29479 MEDIUM POC PATCH This Month

Ratpack is a toolkit for creating web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ratpack
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-31505 MEDIUM This Month

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Q Plus Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-20079 MEDIUM This Month

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-28690 MEDIUM PATCH This Month

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32721 MEDIUM PATCH This Month

PowerMux is a drop-in replacement for Go's http.ServeMux. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Powermux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20105 MEDIUM This Month

Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect PHP Machform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20103 MEDIUM This Month

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Machform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20101 MEDIUM This Month

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Machform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20490 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Privilege Escalation Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20477 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22338 MEDIUM This Month

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Ecns280 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-22341 MEDIUM This Month

There is a memory leak vulnerability in Huawei products. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ips Module Firmware Ngfw Module Firmware Nip6300 Firmware +4
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-22329 MEDIUM This Month

There has a license management vulnerability in some Huawei products. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure S12700 Firmware S1700 Firmware S2700 Firmware +4
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-20580 MEDIUM This Month

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-22340 MEDIUM This Month

There is a multiple threads race condition vulnerability in Huawei product. Rated medium severity (CVSS 4.1). No vendor patch available.

Huawei Denial Of Service Race Condition Manageone Smc2 0
NVD
CVSS 3.1
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy