Skip to main content
CVE-2021-27942 MEDIUM POC This Month

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE P65 F1 Firmware E50X E1 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-30584 MEDIUM POC This Month

Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-30582 MEDIUM POC This Month

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2021-37914 MEDIUM POC PATCH This Month

In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Argo Workflows
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-36703 MEDIUM POC This Month

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-36702 MEDIUM POC This Month

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37833 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hoteldruid
NVD GitHub
CVSS 3.1
6.1
EPSS
4.9%
CVE-2021-35265 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Maxsite Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-36654 MEDIUM POC This Month

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsuno
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2021-26085 MEDIUM POC KEV THREAT This Month

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.9%
CVE-2021-30587 MEDIUM POC This Month

Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-36543 MEDIUM POC This Month

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Seeddms
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-30583 MEDIUM This Month

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-30580 MEDIUM This Month

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-32018 MEDIUM This Month

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asset Management
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21563 MEDIUM This Month

Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-33333 MEDIUM PATCH This Month

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2021-33332 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33331 MEDIUM PATCH This Month

Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-33326 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-21581 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21579 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21578 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21577 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21576 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37916 MEDIUM PATCH This Month

Joplin before 2.0.9 allows XSS via button and form in the note body. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Joplin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-22424 MEDIUM This Month

A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22419 MEDIUM This Month

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22417 MEDIUM This Month

A component of the HarmonyOS has a Data Processing Errors vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22400 MEDIUM This Month

Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Oxfords An00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-33328 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-36157 MEDIUM PATCH This Month

An issue was discovered in Grafana Cortex through 1.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal Information Disclosure Cortex
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-36156 MEDIUM PATCH This Month

An issue was discovered in Grafana Loki through 2.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal Loki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-21565 MEDIUM This Month

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-33325 MEDIUM PATCH This Month

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-21562 MEDIUM This Month

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-33334 MEDIUM PATCH This Month

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-30589 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-36542 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Seeddms
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-35343 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Seeddms
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-33330 MEDIUM PATCH This Month

Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-33327 MEDIUM PATCH This Month

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-33324 MEDIUM PATCH This Month

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-33320 MEDIUM PATCH This Month

The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-21580 MEDIUM This Month

Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Emc Idrac8 Firmware Emc Idrac9 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy