Skip to main content
CVE-2021-38721 MEDIUM POC PATCH This Month

FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Fuel Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-39458 MEDIUM POC This Month

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Redaxo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38325 MEDIUM POC This Month

The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP User Activation Email
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38323 MEDIUM POC This Month

The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Rentpress
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38322 MEDIUM POC This Month

The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Twitter Friends Widget
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38321 MEDIUM POC This Month

The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Custom Sub Menus
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38320 MEDIUM POC This Month

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Simplesamlphp Authentication
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-38319 MEDIUM POC This Month

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS PHP More From Google
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38318 MEDIUM POC This Month

The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP 3D Cover Carousel
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38317 MEDIUM POC This Month

The Konnichiwa!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Konnichiwa
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38316 MEDIUM POC This Month

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Academic People List
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-40223 MEDIUM POC This Month

Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmc Pu Iii 7030 000 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37101 MEDIUM This Month

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ais Bw50 00 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-20118 MEDIUM PATCH This Month

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-20117 MEDIUM PATCH This Month

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Nessus Agent
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1963 MEDIUM PATCH This Month

Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Memory Corruption Information Disclosure Apq8009W Firmware +111
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-1962 MEDIUM PATCH This Month

Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Aqt1000 Firmware Ar9380 Firmware Fsm10055 Firmware +81
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1961 MEDIUM PATCH This Month

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +110
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-34722 MEDIUM This Month

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-34721 MEDIUM This Month

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-34708 MEDIUM This Month

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-39203 MEDIUM This Month

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-28914 MEDIUM This Month

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Eibport Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-25450 MEDIUM This Month

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-40284 MEDIUM PATCH This Month

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow D-Link Denial Of Service Dsl 3782 Firmware
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-1960 MEDIUM This Month

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +135
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-1957 MEDIUM PATCH This Month

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8017 Firmware Qca6174a Firmware Qca6390 Firmware +43
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-1956 MEDIUM This Month

Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Aqt1000 Firmware Ar8035 Firmware Csrb31024 Firmware +39
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-1958 MEDIUM PATCH This Month

A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables. Rated medium severity (CVSS 6.4).

Qualcomm Denial Of Service Race Condition Qca6574a Firmware Qca6574au Firmware +36
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-34709 MEDIUM This Month

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software. Rated medium severity (CVSS 6.4). No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xr
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-25466 MEDIUM This Month

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-25464 MEDIUM This Month

An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Capture
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-25462 MEDIUM This Month

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25460 MEDIUM This Month

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25459 MEDIUM This Month

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25458 MEDIUM This Month

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25456 MEDIUM This Month

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25454 MEDIUM This Month

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25453 MEDIUM This Month

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25452 MEDIUM This Month

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-28499 MEDIUM This Month

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Metamako Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30294 MEDIUM PATCH This Month

Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Qualcomm Denial Of Service Qca6174a Firmware Qca6574 Firmware +39
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-1935 MEDIUM This Month

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8009 Firmware Apq8017 Firmware +174
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-34771 MEDIUM This Month

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-39202 MEDIUM This Month

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-39201 MEDIUM This Month

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-36871 MEDIUM This Month

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS Wp Go Maps
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-36870 MEDIUM This Month

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS Wp Go Maps
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39200 MEDIUM This Month

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Information Disclosure Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-38725 MEDIUM PATCH This Month

Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Fuel Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy