Skip to main content
CVE-2020-21677 MEDIUM POC This Month

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-29400 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Smtp Contact
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-38382 MEDIUM POC This Month

Live555 through 1.08 does not handle Matroska and Ogg files properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Live555
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38381 MEDIUM POC This Month

Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Live555
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31655 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tv Ip110Wn Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-37390 MEDIUM POC PATCH This Month

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37389 MEDIUM POC PATCH This Month

Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-36601 MEDIUM POC This Month

GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Getsimplecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38370 MEDIUM POC This Month

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Alpine
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2021-37391 MEDIUM POC PATCH This Month

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.1%
CVE-2021-3692 MEDIUM POC PATCH This Month

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-28846 MEDIUM This Month

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tew 755Ap Firmware Tew 755Ap2Kac Firmware Tew 821Dap2Kac Firmware Tew 825Dap Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21600 MEDIUM PATCH This Month

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Denial Of Service Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-33699 MEDIUM This Month

Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Fiori Client
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22674 MEDIUM PATCH This Month

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Webaccess Scada
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-37365 MEDIUM This Month

CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ctparental
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32768 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-33707 MEDIUM This Month

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Netweaver Knowledge Management
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-33703 MEDIUM This Month

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-33702 MEDIUM This Month

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-22676 MEDIUM This Month

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webaccess Scada
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-37178 MEDIUM This Month

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Solid Edge Se2021 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-33717 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-37152 MEDIUM This Month

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.1
5.4
EPSS
24.4%
CVE-2021-38373 MEDIUM This Month

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Kmail
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-29739 MEDIUM This Month

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-33706 MEDIUM This Month

Due to improper input validation in InfraBox, logs can be modified by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Infrabox
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy