Skip to main content
CVE-2021-41380 MEDIUM POC This Month

RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vnc Viewer
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3812 MEDIUM POC PATCH This Month

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Web Interface
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-3811 MEDIUM POC PATCH This Month

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Web Interface
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-41391 MEDIUM POC This Month

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson XSS Enterprise Content Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39327 MEDIUM POC PATCH THREAT This Month

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Information Disclosure Bulletproof Security
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
72.3%
CVE-2021-39218 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-39219 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-39216 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). No vendor patch available.

Use After Free Memory Corruption Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-20828 MEDIUM This Month

Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Order Status Batch Change
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20825 MEDIUM This Month

Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS List Order Management Item Change
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31842 MEDIUM This Month

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1939 MEDIUM PATCH This Month

Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Qualcomm Denial Of Service Apq8009 Firmware Apq8009W Firmware +106
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy