Skip to main content
CVE-2016-20012 MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh Clustered Data Ontap Hci Management Node +2
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
14.6%
CVE-2021-40964 MEDIUM POC This Month

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Path Traversal Tiny File Manager
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.2%
CVE-2021-3801 MEDIUM POC PATCH This Month

prism is vulnerable to Inefficient Regular Expression Complexity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Prism
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-39307 MEDIUM POC This Month

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webviewer Ui
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-3780 MEDIUM POC PATCH This Month

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Peertube
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-41061 MEDIUM POC This Month

In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Riot
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-28901 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Azurcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-38156 MEDIUM POC THREAT This Month

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
88.9%
CVE-2021-3785 MEDIUM POC PATCH This Month

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yourls
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-39211 MEDIUM POC This Month

GLPI is a free Asset and IT management software package. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
4.7%
CVE-2021-33693 MEDIUM PATCH This Month

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Command Injection RCE SAP Code Injection Cloud Connector
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-20433 MEDIUM This Month

IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-39210 MEDIUM This Month

GLPI is a free Asset and IT management software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-38629 MEDIUM PATCH This Month

Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-38624 MEDIUM PATCH This Month

Windows Key Storage Provider Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22147 MEDIUM PATCH This Month

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-38669 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Google Microsoft Information Disclosure Edge Edge Chromium
NVD
CVSS 3.1
6.4
EPSS
2.6%
CVE-2021-40448 MEDIUM PATCH This Month

Microsoft Accessibility Insights for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity.

Google Microsoft Information Disclosure Accessibility Insights For Android
NVD
CVSS 3.1
6.3
EPSS
2.9%
CVE-2021-33697 MEDIUM PATCH This Month

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-33691 MEDIUM PATCH This Month

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39205 MEDIUM PATCH This Month

Jitsi Meet is an open source video conferencing application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jitsi Meet
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-40238 MEDIUM This Month

A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Webuzo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-37412 MEDIUM This Month

The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Techradar
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-3783 MEDIUM PATCH This Month

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Yourls
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38657 MEDIUM PATCH This Month

Microsoft Office Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38632 MEDIUM PATCH This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2021-38637 MEDIUM PATCH This Month

Windows Storage Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-38636 MEDIUM PATCH This Month

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-38635 MEDIUM PATCH This Month

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-36972 MEDIUM PATCH This Month

Windows SMB Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-36969 MEDIUM PATCH This Month

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-36962 MEDIUM PATCH This Month

Windows Installer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-36961 MEDIUM PATCH This Month

Windows Installer Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-36959 MEDIUM PATCH This Month

Windows Authenticode Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-26437 MEDIUM PATCH This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2021-33696 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-40966 MEDIUM This Month

A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Tiny File Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29773 MEDIUM PATCH This Month

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-40440 MEDIUM PATCH This Month

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365 Business Central
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-39189 MEDIUM PATCH This Month

Pimcore is an open source data & experience management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-33694 MEDIUM PATCH This Month

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SAP Cloud Connector
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-36956 MEDIUM PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
4.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy