Skip to main content
CVE-2021-30121 MEDIUM POC PATCH This Month

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vsa
NVD
CVSS 3.1
6.5
EPSS
4.8%
CVE-2021-33214 MEDIUM POC This Month

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Ecatcher
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-30119 MEDIUM POC PATCH THREAT This Month

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vsa
NVD
CVSS 3.1
5.4
EPSS
59.9%
CVE-2021-35361 MEDIUM POC This Month

A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-35360 MEDIUM POC This Month

A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-35358 MEDIUM POC This Month

A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-32753 MEDIUM This Month

EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgex Foundry
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3541 MEDIUM PATCH This Month

A flaw was found in libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Jboss Core Services Zfs Storage Appliance Kit Active Iq Unified Manager +15
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-29712 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-33795 MEDIUM This Month

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-32972 MEDIUM This Month

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Fpwin Pro
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-32752 MEDIUM PATCH This Month

Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Logs
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy