Skip to main content
CVE-2021-36802 MEDIUM POC This Month

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Akaunting
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38115 MEDIUM POC PATCH This Month

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libgd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-37231 MEDIUM POC This Month

A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Atomicparsley
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-36803 MEDIUM POC This Month

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Akaunting
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38113 MEDIUM POC This Month

In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwebif
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3680 MEDIUM POC PATCH This Month

showdoc is vulnerable to Missing Cryptographic Step. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-36805 MEDIUM POC This Month

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Akaunting
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-32793 MEDIUM POC This Month

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pi Hole
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-34707 MEDIUM PATCH This Month

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Cisco Information Disclosure Evolved Programmable Network Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-36168 MEDIUM This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortiportal
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-24010 MEDIUM This Month

Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Fortisandbox
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-24014 MEDIUM This Month

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortisandbox
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-35463 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33337 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3678 MEDIUM PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2021-38114 MEDIUM PATCH This Month

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-3539 MEDIUM This Month

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Espocrm
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33336 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33339 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-1522 MEDIUM This Month

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Connected Mobile Experiences
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy