Skip to main content
CVE-2021-24467 MEDIUM POC This Month

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Leaflet Map
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-37573 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Tiny Java Web Server
NVD
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-24522 MEDIUM POC This Month

The User Registration, User Profile, Login & Membership - ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepress
NVD WPScan
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-24495 MEDIUM POC This Month

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Marmoset Viewer
NVD WPScan
CVSS 3.1
6.1
EPSS
2.9%
CVE-2021-24304 MEDIUM POC This Month

The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsmag
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-37788 MEDIUM POC This Month

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testrail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-24509 MEDIUM POC This Month

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Page View Count
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24505 MEDIUM POC This Month

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24502 MEDIUM POC This Month

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Maps
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-21584 MEDIUM PATCH This Month

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Openmanage Enterprise Openmanage Enterprise Modular
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29714 MEDIUM This Month

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Content Navigator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37634 MEDIUM This Month

Leafkit is a templating language with Swift-inspired syntax. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leafkit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-37633 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34660 MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Wp Fusion
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37615 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-34335 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37622 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37621 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37620 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37619 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37618 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37616 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37623 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-34334 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-32815 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37212 MEDIUM This Month

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flygo
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37211 MEDIUM This Month

The bulletin function of Flygo does not filter special characters while a new announcement is added. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flygo
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20349 MEDIUM This Month

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption Tivoli Workload Scheduler
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-34661 MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Wp Fusion
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2021-25954 MEDIUM PATCH This Month

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Dolibarr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-37215 MEDIUM This Month

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flygo
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-37213 MEDIUM This Month

The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flygo
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy