Skip to main content
CVE-2021-3647 MEDIUM POC PATCH This Month

URI.js is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Uri Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21803 MEDIUM POC This Month

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-21802 MEDIUM POC This Month

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
9.9%
CVE-2021-21801 MEDIUM POC THREAT This Month

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
63.4%
CVE-2021-21800 MEDIUM POC THREAT This Month

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
14.1%
CVE-2021-21799 MEDIUM POC THREAT This Month

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS R Seenet
NVD
CVSS 3.1
6.1
EPSS
12.3%
CVE-2021-21816 MEDIUM POC THREAT This Month

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 3040 Firmware
NVD
CVSS 3.1
4.3
EPSS
36.5%
CVE-2021-3614 MEDIUM This Month

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Ideapad 1 11Ada05 Firmware Ideapad 1 14Ada05 Firmware V130 15Ikb Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-34448 MEDIUM KEV PATCH THREAT This Month

Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
30.7%
CVE-2021-34447 MEDIUM PATCH This Month

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
1.8%
CVE-2021-3452 MEDIUM This Month

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-34444 MEDIUM PATCH This Month

Windows DNS Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2021-36755 MEDIUM PATCH This Month

Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Cgm Remote Monitor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34466 MEDIUM PATCH This Month

Windows Hello Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-34457 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34454 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34440 MEDIUM PATCH This Month

GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28054 MEDIUM This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-28114 MEDIUM PATCH This Month

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Froala Editor
NVD
CVSS 3.1
5.4
EPSS
52.0%
CVE-2021-36758 MEDIUM PATCH This Month

1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Connect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-34451 MEDIUM PATCH This Month

Microsoft Office Online Server Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-3453 MEDIUM This Month

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Lenovo Information Disclosure Thinkpad Helix Firmware Thinkpad T550 Firmware +19
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy