Skip to main content
CVE-2021-40352 MEDIUM POC This Month

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Openemr
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
9.7%
CVE-2021-39186 MEDIUM POC PATCH This Month

GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Globalnewfiles
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-39320 MEDIUM POC This Month

The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Apache XSS PHP Underconstruction
NVD WPScan
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-20345 MEDIUM POC This Month

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-39170 MEDIUM POC PATCH This Month

Pimcore is an open source data & experience management platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-36043 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Redis RCE SSRF Adobe Adobe Commerce +1
NVD
CVSS 3.1
6.6
EPSS
1.9%
CVE-2021-36039 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Adobe Authentication Bypass Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-36038 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36037 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Adobe Information Disclosure Authentication Bypass Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36012 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-36063 MEDIUM PATCH This Month

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-36062 MEDIUM PATCH This Month

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-36027 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-36026 MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-36077 MEDIUM PATCH This Month

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2021-36058 MEDIUM PATCH This Month

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2021-36056 MEDIUM PATCH This Month

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2021-29852 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36061 MEDIUM PATCH This Month

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Connect
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-39166 MEDIUM PATCH This Month

Pimcore is an open source data & experience management platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-39119 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center Jira
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-37151 MEDIUM This Month

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-35238 MEDIUM This Month

User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Orion Platform
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-29853 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29851 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy