Skip to main content
CVE-2021-39194 MEDIUM POC PATCH This Month

kaml is an open source implementation of the YAML format with support for kotlinx.serialization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Kaml
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-39501 MEDIUM POC This Month

EyouCMS 1.5.4 is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
3.6%
CVE-2021-39499 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-38704 MEDIUM POC This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cliniccases
NVD GitHub
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-39285 MEDIUM POC This Month

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Versa Director
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39278 MEDIUM POC This Month

Certain MOXA devices allow reflected XSS via the Config Import menu. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wac 2004 Firmware Wac 1001 Firmware Wac 1001 T Firmware Oncell G3470A Lte Eu Firmware +8
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-39496 MEDIUM POC This Month

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38707 MEDIUM POC This Month

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cliniccases
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-36696 MEDIUM POC This Month

Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Deskpro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33483 MEDIUM POC This Month

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onyaktech Comments Pro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37733 MEDIUM POC This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-37631 MEDIUM PATCH This Month

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Deck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-37630 MEDIUM PATCH This Month

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Circles
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-39196 MEDIUM PATCH This Month

pcapture is an open source dumpcap web service interface . Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Pcapture
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-39195 MEDIUM PATCH This Month

Misskey is an open source, decentralized microblogging platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misskey
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-37729 MEDIUM PATCH This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37728 MEDIUM This Month

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-38698 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-34149 MEDIUM This Month

The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cc256Xcqfn Em Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-34148 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireless Internet Connectivity For Embedded Devices
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-34147 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireless Internet Connectivity For Embedded Devices
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-34146 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cyw920735Q60Evb 01 Firmware Cyw20735B1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-34143 MEDIUM This Month

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fw Ac63 Bt Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-31786 MEDIUM This Month

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ats2819P Firmware Ats2815 Firmware Ats2819 Firmware Ats2819S Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31785 MEDIUM This Month

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ats2819P Firmware Ats2815 Firmware Ats2819 Firmware Ats2819S Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31612 MEDIUM This Month

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ac6901 Firmware Ac690N Firmware Ac692N Firmware Ac6902 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-31610 MEDIUM This Month

The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mi True Wireless Earbuds Basic 2 Firmware Ab5376T Firmware Bt8896A Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-31609 MEDIUM This Month

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Iwrap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-34150 MEDIUM This Month

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ab5301A Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-34144 MEDIUM This Month

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fw Ac63 Bt Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-33831 MEDIUM This Month

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Covid 19 Contact Tracing
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-31613 MEDIUM This Month

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ac6901 Firmware Ac6925 Firmware Ac6926 Firmware Ac6928 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-28155 MEDIUM This Month

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tune500Bt Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-28136 MEDIUM This Month

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-28135 MEDIUM This Month

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37731 MEDIUM PATCH This Month

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12,. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-39199 MEDIUM PATCH This Month

remark-html is an open source nodejs library which compiles Markdown to HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Remark Html
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38123 MEDIUM This Month

Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Network Automation
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-31611 MEDIUM This Month

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ac6901 Firmware Ac6925 Firmware Ac6926 Firmware Ac6928 Firmware +1
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2021-32801 MEDIUM This Month

Nextcloud server is an open source, self hosted personal cloud. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-39257 MEDIUM This Month

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-33599 MEDIUM This Month

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Cloud Protection For Salesforce Linux Security Elements Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-35948 MEDIUM This Month

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Authentication Bypass Owncloud
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-32782 MEDIUM PATCH This Month

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Nextcloud XSS Circles
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-37629 MEDIUM This Month

Nextcloud Richdocuments is an open source collaborative office suite. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Microsoft Information Disclosure Richdocuments
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-32766 MEDIUM PATCH This Month

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-35949 MEDIUM This Month

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Owncloud
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-35947 MEDIUM This Month

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Owncloud
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-34145 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Wireless Internet Connectivity For Embedded Devices
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-27022 MEDIUM This Month

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Puppet Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy