Skip to main content
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-35307 MEDIUM POC This Month

An issue was discovered in Bento4 through v1.6.0-636. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-35306 MEDIUM POC This Month

An issue was discovered in Bento4 through v1.6.0-636. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-29975 MEDIUM POC This Month

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22234 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2021-20116 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20115 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21792 MEDIUM POC This Month

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21791 MEDIUM POC This Month

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21790 MEDIUM POC This Month

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21785 MEDIUM POC This Month

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare Ultimate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-36584 MEDIUM POC This Month

An issue was discovered in GPAC 1.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-38138 MEDIUM POC This Month

OneNav beta 0.9.12 allows XSS via the Add Link feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onenav
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-22925 MEDIUM POC PATCH This Month

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-34638 MEDIUM This Month

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Path Traversal Download Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22920 MEDIUM This Month

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Application Delivery Management Gateway
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-32603 MEDIUM This Month

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37859 MEDIUM This Month

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost XSS
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-21738 MEDIUM This Month

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxiptv Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29969 MEDIUM This Month

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Path Traversal Information Disclosure Thunderbird
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-3566 MEDIUM PATCH This Month

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32003 MEDIUM This Month

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sitemanager Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3679 MEDIUM PATCH This Month

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-33597 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Linux Security Business Suite Elements Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-25444 MEDIUM This Month

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-22241 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-3642 MEDIUM PATCH This Month

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly Elytron Build Of Quarkus Codeready Studio Data Grid +9
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25448 MEDIUM This Month

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Touch Call
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25447 MEDIUM This Month

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25446 MEDIUM This Month

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25445 MEDIUM This Month

Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25443 MEDIUM This Month

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-21739 MEDIUM This Month

A ZTE's product of the transport network access layer has a security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxctn 6120H Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-29974 MEDIUM This Month

When network partitioning was enabled, e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-22240 MEDIUM This Month

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-32598 MEDIUM This Month

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-33596 MEDIUM This Month

Showing the legitimate URL in the address bar while loading the content from other domain. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Safe
NVD
CVSS 3.1
4.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy