Skip to main content
CVE-2021-37420 MEDIUM POC PATCH This Month

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho Authentication Bypass Manageengine Admanager Plus
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-40868 MEDIUM POC This Month

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudron
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.1%
CVE-2021-23443 MEDIUM POC PATCH This Month

This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Edge
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-41084 MEDIUM POC PATCH This Month

http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Http4S
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-41087 MEDIUM PATCH This Month

in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal In Toto Golang
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-39230 MEDIUM PATCH This Month

Butter is a system usability utility. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Butter
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20829 MEDIUM This Month

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29795 MEDIUM PATCH This Month

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

IBM Denial Of Service Powervm Hypervisor
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-41525 MEDIUM This Month

An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Flexnet Inventory Agent And Beacon
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26333 MEDIUM This Month

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Chipset Driver Psp Driver
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-41086 MEDIUM PATCH This Month

jsuites is an open source collection of common required javascript web components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jsuites
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy