Skip to main content
CVE-2021-39602 MEDIUM POC This Month

A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Miniftpd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3728 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-39243 MEDIUM POC This Month

Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nexto Nx3003 Firmware Nexto Nx3004 Firmware Nexto Nx3005 Firmware Nexto Nx3010 Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-39140 MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
6.3
EPSS
5.9%
CVE-2021-39599 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cxuucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-24556 MEDIUM POC This Month

The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Email Subscriber
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-39368 MEDIUM POC This Month

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oce Print Exec Workgroup
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-39609 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-24571 MEDIUM POC This Month

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hd Quiz
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24564 MEDIUM POC This Month

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Scroll Top
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24561 MEDIUM POC This Month

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Sms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24558 MEDIUM POC This Month

The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Project Status
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24547 MEDIUM POC This Month

The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Kn Fix Your Title
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24529 MEDIUM POC This Month

The Grid Gallery - Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Grid Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24486 MEDIUM POC This Month

The Simple Social Media Share Buttons - Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and like_button_size parameters of its SSB shortcode, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Social Media Share Buttons
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39367 MEDIUM POC This Month

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Oce Print Exec Workgroup
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-24549 MEDIUM POC This Month

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Aceide
NVD WPScan
CVSS 3.1
4.9
EPSS
1.6%
CVE-2021-24658 MEDIUM POC PATCH This Month

The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Erident Custom Login And Dashboard
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24574 MEDIUM POC PATCH This Month

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Simple Banner
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24533 MEDIUM POC This Month

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maintenance
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24524 MEDIUM POC This Month

The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Givewp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-22251 MEDIUM POC This Month

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-22252 MEDIUM This Month

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3730 MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-33598 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Atlant Linux Security Elements Endpoint Protection
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37750 MEDIUM PATCH This Month

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-22253 MEDIUM This Month

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24531 MEDIUM This Month

The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Charitable
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22248 MEDIUM This Month

Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-3731 MEDIUM This Month

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ledgersmb Debian Linux
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2021-22249 MEDIUM This Month

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-3729 MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy