Skip to main content
CVE-2021-36692 MEDIUM POC PATCH This Month

libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libjxl
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-32832 MEDIUM POC PATCH This Month

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rocket Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-38343 MEDIUM POC This Month

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post`. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Nested Pages
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37416 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2021-35061 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testerfassung
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-27909 MEDIUM POC PATCH This Month

For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mautic
NVD GitHub
CVSS 3.1
6.1
EPSS
4.1%
CVE-2021-24438 MEDIUM POC This Month

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Dashboard For Google Analytics
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24437 MEDIUM POC This Month

The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Favicon By Realfavicongenerator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24593 MEDIUM POC This Month

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Business Hours Indicator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24528 MEDIUM POC This Month

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fluentsmtp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-34434 MEDIUM POC This Month

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mosquitto Fedora
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-24592 MEDIUM POC This Month

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sitewide Notice
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-39133 MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Rundeck
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-39175 MEDIUM PATCH This Month

HedgeDoc is a platform to write and share markdown. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hedgedoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-27911 MEDIUM PATCH This Month

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mautic
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-27910 MEDIUM PATCH This Month

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Mautic
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-39111 MEDIUM This Month

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-39272 MEDIUM This Month

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fetchmail Fedora
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-33003 MEDIUM This Month

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-34668 MEDIUM This Month

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP Real Media Library
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22021 MEDIUM PATCH This Month

VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware Cloud Foundation Vrealize Log Insight
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3628 MEDIUM PATCH This Month

OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

RCE XSS Openkm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-29743 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27912 MEDIUM PATCH This Month

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mautic
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24667 MEDIUM This Month

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version - 2.2.0 & below). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simply Gallery Blocks With Lightbox
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24665 MEDIUM This Month

The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Video Lightbox
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22022 MEDIUM PATCH This Month

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-29728 MEDIUM PATCH This Month

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-39117 MEDIUM This Month

The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Data Center Jira
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-32991 MEDIUM This Month

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Diaenergie
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-27019 MEDIUM This Month

PuppetDB logging included potentially sensitive system information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise Puppetdb
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy