Skip to main content
CVE-2021-24541 MEDIUM POC This Month

The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wonder Pdf Embed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24540 MEDIUM POC This Month

The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wonder Video Embed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24538 MEDIUM POC This Month

The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Current Book
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24534 MEDIUM POC This Month

The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Phonetrack Meu Site Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24526 MEDIUM POC This Month

The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Form Maker
NVD WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-24512 MEDIUM POC This Month

The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Posts Webcam Recorder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24471 MEDIUM POC This Month

The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youtube Embed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38713 MEDIUM POC This Month

imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Imgurl
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32822 MEDIUM POC This Month

The npm hbs package is an Express view engine wrapper for Handlebars. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Hbs
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-22939 MEDIUM POC PATCH THREAT This Month

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Node Js Graalvm Jd Edwards Enterpriseone Tools +5
NVD
CVSS 3.1
5.3
EPSS
14.7%
CVE-2021-38755 MEDIUM POC This Month

Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Hospital Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-26086 MEDIUM POC KEV THREAT This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Jira Data Center Jira Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
100.0%
CVE-2021-24363 MEDIUM POC This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Photo Gallery
NVD WPScan
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-37711 HIGH PATCH This Week

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36281 HIGH PATCH This Week

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Privilege Escalation Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24519 MEDIUM POC This Month

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Car Rental Management System
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24518 MEDIUM POC This Month

The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Notification Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-38751 MEDIUM POC This Month

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Exponentcms
NVD GitHub
CVSS 3.1
4.3
EPSS
2.5%
CVE-2021-24380 MEDIUM POC This Month

The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Shantz Wordpress Qotd
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-36279 HIGH PATCH This Week

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38608 HIGH This Week

Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Wapt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23422 HIGH PATCH This Week

This affects the package bikeshed before 3.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Bikeshed
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-3708 HIGH This Week

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
24.6%
CVE-2021-37707 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-22940 HIGH PATCH This Week

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption Use After Free Node.js +7
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2021-22932 HIGH This Week

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-38711 HIGH PATCH This Week

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Gitit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22938 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-22937 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
7.8%
CVE-2021-22935 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-22934 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
4.7%
CVE-2021-21599 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-21595 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Dell Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0114 MEDIUM This Month

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Core I7 6700K Xeon E3 1240 V5 Intel Core I5 Core I7 +940
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-37709 MEDIUM PATCH This Month

Shopware is an open source eCommerce platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21592 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22933 MEDIUM This Month

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22936 MEDIUM This Month

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38709 MEDIUM This Month

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Composr Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-36280 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36278 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-3707 MEDIUM This Month

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2021-37710 MEDIUM PATCH This Month

Shopware is an open source eCommerce platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shopware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-38607 MEDIUM This Month

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jetengine
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38708 MEDIUM This Month

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Composr Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-21594 MEDIUM PATCH This Month

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-35936 MEDIUM PATCH This Month

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Python Airflow
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2021-21568 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-36282 LOW PATCH Monitor

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy