Skip to main content
CVE-2021-31878 MEDIUM POC PATCH This Month

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Asterisk
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-34630 MEDIUM POC This Month

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gtranslate
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-37600 MEDIUM POC PATCH This Month

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Util Linux Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-36605 MEDIUM POC This Month

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Engineercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-35479 MEDIUM POC THREAT This Month

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD
CVSS 3.1
5.4
EPSS
13.2%
CVE-2021-35478 MEDIUM POC THREAT This Month

Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD
CVSS 3.1
5.4
EPSS
76.6%
CVE-2021-20112 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20111 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-30483 MEDIUM POC PATCH This Month

isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Isomorphic Git
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-20113 MEDIUM POC This Month

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-3636 MEDIUM POC This Month

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-22521 MEDIUM This Month

A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zenworks Configuration Management Zenworks Endpoint Security Management
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-37587 MEDIUM PATCH This Month

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Charm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28094 MEDIUM This Month

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Documents
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-28093 MEDIUM This Month

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Documents
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-37746 MEDIUM PATCH This Month

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Claws Mail Sylpheed Fedora
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-37596 MEDIUM PATCH This Month

Telegram Web K Alpha 0.6.1 allows XSS via a document name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Web K Alpha
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20789 MEDIUM This Month

Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37588 MEDIUM This Month

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-37743 MEDIUM PATCH This Month

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-37742 MEDIUM PATCH This Month

app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-28674 MEDIUM PATCH This Month

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Orion Platform
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-29298 MEDIUM This Month

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Proficy Machine Edition
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29297 MEDIUM This Month

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Proficy Machine Edition
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-37606 MEDIUM This Month

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meow Hash
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-28095 MEDIUM This Month

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Open Xchange Documents
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-20787 MEDIUM This Month

Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-20785 MEDIUM This Month

Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-34629 MEDIUM This Month

The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass Sendgrid
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20788 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20786 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy