Skip to main content
CVE-2021-30597 MEDIUM POC This Month

Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2021-30594 MEDIUM POC This Month

Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2021-39165 MEDIUM POC PATCH This Month

Cachet is an open source status page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Information Disclosure Cachet
NVD GitHub
CVSS 3.1
6.5
EPSS
9.8%
CVE-2021-38559 MEDIUM POC This Month

DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hoteldruid
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-36352 MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Information Management
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-30596 MEDIUM POC This Month

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-36929 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
3.1%
CVE-2021-20815 MEDIUM This Month

Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20814 MEDIUM This Month

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20813 MEDIUM This Month

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20812 MEDIUM This Month

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20811 MEDIUM This Month

Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20810 MEDIUM This Month

Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20809 MEDIUM This Month

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20808 MEDIUM This Month

Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-36928 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.0).

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2021-29862 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29727 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-39161 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-32076 MEDIUM This Month

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Web Help Desk
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-37715 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Airwave
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-36931 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Microsoft Privilege Escalation Edge Chromium
NVD
CVSS 3.1
4.4
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy