Skip to main content
CVE-2021-32537 MEDIUM POC This Month

Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hda Driver
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-35451 MEDIUM POC This Month

In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pcoip Management Console
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34625 MEDIUM POC This Month

A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts.2.3 and prior. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Upload Restriction
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32715 MEDIUM POC PATCH This Month

hyper is an HTTP library for rust. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Hyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-22233 MEDIUM POC This Month

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34626 MEDIUM POC This Month

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators.2.3 and prior. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Upload Restriction
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-32526 MEDIUM This Month

Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-32509 MEDIUM This Month

Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Storage Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32508 MEDIUM This Month

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Storage Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32507 MEDIUM This Month

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Storage Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32506 MEDIUM This Month

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Storage Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22224 MEDIUM This Month

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20738 MEDIUM This Month

WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrc 1167Fs W Firmware Wrc 1167Fs B Firmware Wrc 1167Fsa Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-36212 MEDIUM PATCH This Month

app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26039 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26035 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-22227 MEDIUM This Month

A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-22225 MEDIUM This Month

Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20416 MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-32528 MEDIUM This Month

Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-32515 MEDIUM This Month

Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-26037 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-20417 MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-33215 MEDIUM This Month

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruckus Iot Controller
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-32511 MEDIUM This Month

QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-32510 MEDIUM This Month

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Storage Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-34627 MEDIUM This Month

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators.2.3 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wp Upload Restriction
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-22231 MEDIUM This Month

A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-20777 MEDIUM This Month

Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Gu
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy