Skip to main content
CVE-2021-38312 MEDIUM POC This Month

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Gutenberg Template Library Redux Framework
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-3758 MEDIUM POC PATCH This Month

bookstack is vulnerable to Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-39322 MEDIUM POC This Month

The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Apache XSS Easy Social Icons
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2021-38314 MEDIUM POC THREAT This Month

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Gutenberg Template Library Redux Framework
NVD
CVSS 3.1
5.3
EPSS
29.0%
CVE-2021-22791 MEDIUM PATCH This Month

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow Modicon M340 Bmxp341000 Modicon M340 Bmxp342010 +47
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22790 MEDIUM PATCH This Month

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Modicon M340 Bmxp341000 Modicon M340 Bmxp342010 +47
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22789 MEDIUM PATCH This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Modicon M340 Bmxp341000 Modicon M340 Bmxp342010 Modicon M340 Bmxp342020 +46
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-28555 MEDIUM This Month

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2021-38642 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38641 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-26436 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-27578 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Zeppelin
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2021-34732 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Prime Collaboration Provisioning
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-22525 MEDIUM This Month

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-34733 MEDIUM This Month

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36930 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Microsoft Privilege Escalation Edge
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-28559 MEDIUM This Month

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-31797 MEDIUM This Month

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Credential Provider
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2021-34759 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-26439 MEDIUM PATCH This Month

Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.6
EPSS
2.5%
CVE-2021-31798 MEDIUM This Month

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Credential Provider
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2021-28557 MEDIUM This Month

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2021-34765 MEDIUM This Month

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Information Disclosure Nexus Insights
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy