Skip to main content
CVE-2021-39367 MEDIUM POC This Month

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Oce Print Exec Workgroup
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-24549 MEDIUM POC This Month

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Aceide
NVD WPScan
CVSS 3.1
4.9
EPSS
1.6%
CVE-2021-39158 HIGH This Week

NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Nvcaffe
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-39139 HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-24658 MEDIUM POC PATCH This Month

The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Erident Custom Login And Dashboard
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24574 MEDIUM POC PATCH This Month

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Simple Banner
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24533 MEDIUM POC This Month

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maintenance
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24524 MEDIUM POC This Month

The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Givewp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-39145 HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.1%
CVE-2021-22251 MEDIUM POC This Month

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-36013 HIGH This Week

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-28596 HIGH This Week

Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-22449 HIGH This Week

There is a logic vulnerability in Elf-G10HN 1.0.0.608. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elf G10Hn
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-22357 HIGH This Week

There is a denial of service vulnerability in Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service S12700 Firmware S5700 Firmware S6700 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22328 HIGH This Week

There is a denial of service vulnerability in some huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Denial Of Service Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29802 HIGH This Week

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-29704 HIGH This Week

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-39371 HIGH PATCH This Week

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Owslib Pywps Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-35940 HIGH PATCH This Week

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Portable Runtime Http Server
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-22252 MEDIUM This Month

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3730 MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-33598 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Atlant Linux Security Elements Endpoint Protection
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37750 MEDIUM PATCH This Month

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-22253 MEDIUM This Month

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24531 MEDIUM This Month

The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Charitable
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22248 MEDIUM This Month

Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-3731 MEDIUM This Month

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ledgersmb Debian Linux
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2021-22249 MEDIUM This Month

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-3729 MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-35465 LOW Monitor

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cortex M33 Firmware Cortex M35P Firmware Cortex M55 Firmware China Star Mc1 Firmware
NVD
CVSS 3.1
3.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy