Skip to main content
CVE-2021-34228 MEDIUM POC THREAT This Month

Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002r Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
29.2%
CVE-2021-34223 MEDIUM POC This Month

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002r Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34220 MEDIUM POC This Month

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002r Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34215 MEDIUM POC This Month

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002r Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34207 MEDIUM POC This Month

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002r Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34218 MEDIUM POC This Month

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3002r Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-35984 MEDIUM This Month

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-22255 MEDIUM PATCH This Month

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Baserow
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22246 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-36008 MEDIUM This Month

Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-after-free vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Adobe Illustrator
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-35985 MEDIUM This Month

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2021-28593 MEDIUM This Month

Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use After Free vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2021-22238 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting with 13.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
71.8%
CVE-2021-22254 MEDIUM This Month

Under very specific conditions a user could be impersonated using Gitlab shell. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy