Skip to main content
CVE-2021-28070 MEDIUM POC This Month

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-1584 MEDIUM PATCH This Month

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-22244 MEDIUM This Month

Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3605 MEDIUM PATCH This Month

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Openexr Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-1582 MEDIUM PATCH This Month

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Cisco XSS Application Policy Infrastructure Controller Cloud Application Policy Infrastructure Controller
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22256 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22250 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-22242 MEDIUM This Month

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
63.6%
CVE-2021-39136 MEDIUM PATCH This Month

baserCMS is an open source content management system with a focus on Japanese language support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-40088 MEDIUM This Month

An issue was discovered in PrimeKey EJBCA before 7.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-1591 MEDIUM PATCH This Month

A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Authentication Bypass Nx Os
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-1590 MEDIUM PATCH This Month

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Cisco Memory Corruption Nx Os +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-31989 MEDIUM This Month

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Device Manager
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-22237 MEDIUM This Month

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab Session Fixation
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-39112 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-1583 MEDIUM PATCH This Month

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Cisco Authentication Bypass Nx Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-1592 MEDIUM PATCH This Month

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Unified Computing System
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-22247 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-22243 MEDIUM This Month

Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-33605 MEDIUM PATCH This Month

Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Vaadin Checkbox Flow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy