Skip to main content
CVE-2021-34262 MEDIUM POC This Month

A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stm32Cube Middleware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-34260 MEDIUM POC This Month

A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stm32Cube Middleware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-34259 MEDIUM POC This Month

A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stm32Cube Middleware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-27332 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Casap Automated Enrollment System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-32786 MEDIUM POC PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Apache Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2021-26224 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fantastic Blog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-25197 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Content Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26698 MEDIUM POC This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-26230 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-26227 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Casap Automated Enrollment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-30049 MEDIUM POC This Month

SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sysaid
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2021-34268 MEDIUM POC This Month

An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stm32Cube Middleware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-34267 MEDIUM POC This Month

An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stm32Cube Middleware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-34261 MEDIUM POC This Month

An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stm32Cube Middleware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2021-31581 MEDIUM POC This Month

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ova Appliance Provisioning Manager
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2021-33478 MEDIUM This Month

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Broadcom Ip Phone 8800 Firmware +14
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-1617 MEDIUM PATCH This Month

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Path Traversal Command Injection Intersight Virtual Appliance
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-34431 MEDIUM This Month

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mosquitto
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29149 MEDIUM PATCH This Month

A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Authentication Bypass Aruba Aos Cx Firmware
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2021-35520 MEDIUM PATCH This Month

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Information Disclosure Morphowave Compact Mdpi Firmware +3
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-37403 MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37402 MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29148 MEDIUM PATCH This Month

A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Aruba Aos Cx Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-1094 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Microsoft Information Disclosure +3
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-35521 MEDIUM PATCH This Month

A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Path Traversal Information Disclosure Morphowave Compact Mdpi Firmware Morphowave Compact Mdpi M Firmware Visionpass Mdpi Firmware +3
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2021-34700 MEDIUM This Month

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1096 MEDIUM PATCH This Month

NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1095 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Microsoft Null Pointer Dereference Denial Of Service Nvidia +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-1093 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Nvidia Gpu Display Driver Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-26699 MEDIUM This Month

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2021-1599 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Cisco RCE XSS Unified Customer Voice Portal
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-1614 MEDIUM PATCH This Month

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-3619 MEDIUM PATCH This Month

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Velociraptor
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy