Skip to main content
CVE-2021-32747 MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-24454 MEDIUM POC This Month

In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yop Poll
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-24434 MEDIUM POC This Month

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Glass
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24429 MEDIUM POC This Month

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24409 MEDIUM POC This Month

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Prismatic
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-24439 MEDIUM POC This Month

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Browser Screenshots
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24424 MEDIUM POC This Month

The WP Reset - Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Reset
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24421 MEDIUM POC This Month

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobsearch Wp Job Board
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24420 MEDIUM POC This Month

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Request A Quote
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24408 MEDIUM POC This Month

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Prismatic
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24365 MEDIUM POC This Month

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Admin Columns
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-32746 MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Icinga
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-36381 MEDIUM POC This Month

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Transaction Management
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-22918 MEDIUM POC PATCH THREAT This Month

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Node.js Information Disclosure Node Js Sinec Infrastructure Network Services
NVD
CVSS 3.1
5.3
EPSS
23.1%
CVE-2021-24440 MEDIUM POC This Month

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sign Up Sheets
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24427 MEDIUM POC This Month

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W3 Total Cache
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24426 MEDIUM POC This Month

The Backup by 10Web - Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup Wd
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24419 MEDIUM POC This Month

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Youtube Lyte
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24418 MEDIUM POC This Month

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smooth Scroll Page Up Down Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-32707 MEDIUM POC PATCH This Month

Nextcloud Mail is a mail app for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-36383 MEDIUM POC This Month

Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xo Server Xo Web
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21591 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21590 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21589 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-32689 MEDIUM PATCH This Month

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30640 MEDIUM PATCH This Month

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Tomcat Apache Authentication Bypass Communications Cloud Native Core Policy Communications Diameter Signaling Router +4
NVD
CVSS 3.1
6.5
EPSS
9.9%
CVE-2021-24013 MEDIUM This Month

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Fortimail
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-30129 MEDIUM PATCH This Month

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.0.0 and later versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Apache Sshd Banking Payments Banking Trade Finance +6
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2021-22917 MEDIUM This Month

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Browser
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22515 MEDIUM This Month

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netiq Advanced Authentication
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-32733 MEDIUM PATCH This Month

Nextcloud Text is a collaborative document editing application that uses Markdown. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Nextcloud XSS Nextcloud Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-35037 MEDIUM This Month

Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Jamf
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-22916 MEDIUM This Month

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-29822 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29805 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29804 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29803 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32754 MEDIUM This Month

FlowDroid is a data flow analysis tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE Flowdroid
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-32741 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-32734 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-32725 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-32703 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-33037 MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache Information Disclosure Tomee +20
NVD
CVSS 3.1
5.3
EPSS
75.4%
CVE-2021-32678 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-20414 MEDIUM This Month

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-26099 MEDIUM This Month

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimail
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-21588 MEDIUM This Month

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerflex Presentation Server
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy