Skip to main content
CVE-2021-29280 MEDIUM POC This Month

In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Information Disclosure Tl Wr840N Firmware
NVD GitHub
CVSS 3.1
6.4
EPSS
0.8%
CVE-2021-28002 MEDIUM POC This Month

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Textpattern
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-28001 MEDIUM POC This Month

A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Textpattern
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-37598 MEDIUM POC This Month

WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wp Cerber
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-28000 MEDIUM POC This Month

A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Local Services Search Engine Management System
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-27822 MEDIUM POC This Month

A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vehicle Parking Management System
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-39138 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Node.js Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32602 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortiportal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-31868 MEDIUM This Month

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nexpose
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27999 MEDIUM This Month

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Local Services Search Engine Management System
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy