Skip to main content
CVE-2021-39555 MEDIUM POC This Month

An issue was discovered in swftools through 20200710. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39554 MEDIUM POC This Month

An issue was discovered in swftools through 20200710. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39553 MEDIUM POC This Month

An issue was discovered in swftools through 20200710. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39549 MEDIUM POC This Month

An issue was discovered in sela through 20200412. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sela
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39548 MEDIUM POC This Month

An issue was discovered in sela through 20200412. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sela
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39547 MEDIUM POC This Month

An issue was discovered in sela through 20200412. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sela
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39545 MEDIUM POC This Month

An issue was discovered in sela through 20200412. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sela
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39543 MEDIUM POC This Month

An issue was discovered in pdftools through 20200714. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Pdftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39542 MEDIUM POC This Month

An issue was discovered in pdftools through 20200714. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Pdftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39541 MEDIUM POC This Month

An issue was discovered in pdftools through 20200714. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Pdftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39539 MEDIUM POC This Month

An issue was discovered in pdftools through 20200714. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Pdftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-39538 MEDIUM POC This Month

An issue was discovered in pdftools through 20200714. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Pdftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32289 MEDIUM POC This Month

An issue was discovered in heif through through v3.6.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Heif
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32285 MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32283 MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32282 MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32280 MEDIUM POC PATCH This Month

An issue was discovered in fig2dev before 3.2.8.. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Fig2Dev Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32276 MEDIUM POC This Month

An issue was discovered in faad2 through 2.10.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Faad2 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32275 MEDIUM POC This Month

An issue was discovered in faust through v2.30.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Faust
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32270 MEDIUM POC This Month

An issue was discovered in gpac through 20200801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32269 MEDIUM POC This Month

An issue was discovered in gpac through 20200801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-24640 MEDIUM POC This Month

The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenslider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24637 MEDIUM POC This Month

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Fonts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24635 MEDIUM POC This Month

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Visual Link Preview
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24618 MEDIUM POC This Month

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Donate With Qrcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-24597 MEDIUM POC This Month

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS You Shang
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24587 MEDIUM POC This Month

The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Splash Header
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24584 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Timetable And Event Schedule
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-24582 MEDIUM POC This Month

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Thinktwit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24525 MEDIUM POC This Month

The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41083 HIGH PATCH This Week

Dada Mail is a web-based e-mail list management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Dada Mail
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24613 MEDIUM POC This Month

The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Views Counter
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24609 MEDIUM POC This Month

The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Mapa Politico Espana
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24604 MEDIUM POC This Month

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Availability Calendar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24600 MEDIUM POC This Month

The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Dialog
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24596 MEDIUM POC This Month

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youforms Free For Copecart
NVD WPScan
CVSS 3.1
4.8
EPSS
2.7%
CVE-2021-24530 MEDIUM POC This Month

The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Alojapro Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24583 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Timetable And Event Schedule
NVD WPScan
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-25741 HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
6.5%
CVE-2020-21468 HIGH This Week

A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41082 HIGH PATCH This Week

Discourse is a platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32838 HIGH PATCH This Week

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Flask Restx Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-32839 HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Sqlparse
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-29856 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-34650 MEDIUM PATCH This Month

The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Eid Easy
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39325 MEDIUM PATCH This Month

The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Optinmonster
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29821 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29820 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29819 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29818 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy