Skip to main content
CVE-2021-31874 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD
CVSS 3.1
5.9
EPSS
4.3%
CVE-2021-35208 MEDIUM POC This Month

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-36130 MEDIUM POC PATCH This Month

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-36129 MEDIUM POC PATCH This Month

An issue was discovered in the Translate extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-36127 MEDIUM POC PATCH This Month

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-33889 MEDIUM PATCH This Month

OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Wpantund
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-32738 MEDIUM PATCH This Month

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Js Stellar Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-26920 MEDIUM PATCH This Month

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Druid
NVD
CVSS 3.1
6.5
EPSS
9.9%
CVE-2021-35207 MEDIUM This Month

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-34807 MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-27455 MEDIUM This Month

Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Dopsoft
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-32735 MEDIUM PATCH This Month

Kirby is a content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Kirby
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32737 MEDIUM PATCH This Month

Sulu is an open-source PHP content management system based on the Symfony framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Sulu
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-36131 MEDIUM PATCH This Month

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy