Skip to main content
CVE-2021-34640 MEDIUM POC This Month

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Securimage Wp Fixed
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-38549 MEDIUM POC This Month

MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Miracase Hmub500 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38548 MEDIUM POC This Month

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Go 2 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38547 MEDIUM POC This Month

Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Z120 Firmware S120 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38546 MEDIUM POC This Month

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pebble V3 Firmware Pebble V2 Firmware Pebble Firmware Pebble Plus Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38545 MEDIUM POC This Month

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Raspberry Pi 4 Model B Firmware Raspberry Pi 3 Model B Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38544 MEDIUM POC This Month

Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Srs Xb33 Firmware Srs Xb43 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-38543 MEDIUM POC This Month

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Ue330 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-32440 MEDIUM POC PATCH This Month

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-32438 MEDIUM POC PATCH This Month

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-32437 MEDIUM POC PATCH This Month

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-1111 MEDIUM This Month

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-37697 MEDIUM PATCH This Month

tmerc-cogs are a collection of open source plugins for the Red Discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Tmerc Cogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37696 MEDIUM PATCH This Month

tmerc-cogs are a collection of open source plugins for the Red Discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Tmerc Cogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3046 MEDIUM This Month

An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-0009 MEDIUM This Month

Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Denial Of Service Information Disclosure Ethernet Controller E810 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-1109 MEDIUM This Month

NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Nvidia Jetson Linux
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2021-22098 MEDIUM This Month

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cf Deployment User Account And Authentication
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38538 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear XSS D7800 Firmware R7800 Firmware R8900 Firmware +12
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-3048 MEDIUM This Month

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-38590 MEDIUM This Month

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1112 MEDIUM This Month

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Linux Denial Of Service Nvidia Jetson Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0012 MEDIUM PATCH This Month

Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Use After Free Denial Of Service Intel Memory Corruption Graphics Driver +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0003 MEDIUM This Month

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Ethernet Controller E810 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-38533 MEDIUM This Month

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS Rax40 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3045 MEDIUM This Month

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-38524 MEDIUM This Month

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption Mk62 Firmware Mr60 Firmware +11
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-38537 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +15
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-38536 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38535 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38534 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D3600 Firmware D6000 Firmware D6100 Firmware +40
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-1113 MEDIUM This Month

NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Nvidia Authentication Bypass Jetson Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2021-38586 MEDIUM This Month

In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-1114 MEDIUM This Month

NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Memory Corruption Use After Free Nvidia +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0083 MEDIUM This Month

Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Optane Persistent Memory Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0008 MEDIUM This Month

Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Controller E810 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0007 MEDIUM This Month

Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Controller E810 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0006 MEDIUM This Month

Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Controller E810 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0005 MEDIUM This Month

Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Controller E810 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0004 MEDIUM This Month

Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Denial Of Service Ethernet Controller E810 Firmware Fedora
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-20420 MEDIUM This Month

IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy