Skip to main content
CVE-2021-36873 MEDIUM POC This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Iq Block Country
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-22017 MEDIUM POC KEV PATCH THREAT This Month

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
47.6%
CVE-2021-34729 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-34726 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Sd Wan
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-34725 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe Sd Wan
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-34723 MEDIUM This Month

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-29816 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22950 MEDIUM This Month

Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Concrete Cms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22018 MEDIUM PATCH This Month

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21993 MEDIUM PATCH This Month

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-34712 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Nosql Injection Information Disclosure Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-34703 MEDIUM This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service iOS Ios Xe
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-1589 MEDIUM PATCH This Month

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3824 MEDIUM This Month

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Openvpn Access Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-22016 MEDIUM PATCH This Month

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34724 MEDIUM This Month

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Authentication Bypass Ios Xe Sd Wan
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-34696 MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Ios Xe
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2021-1625 MEDIUM This Month

A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Ios Xe
NVD
CVSS 3.1
5.8
EPSS
0.9%
CVE-2021-29904 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38863 MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-22276 MEDIUM This Month

The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Access Point 2 0 Firmware System Access Point 127V Firmware Wl System Access Point 127V Firmware Wl System Access Point Firmware +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20435 MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22020 MEDIUM PATCH This Month

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-22007 MEDIUM PATCH This Month

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1546 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vmanage +9
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38877 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38870 MEDIUM This Month

IBM Aspera Cloud is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29905 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29833 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29832 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29815 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29814 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29813 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29812 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29810 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29800 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20484 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36872 MEDIUM This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Popular Posts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22953 MEDIUM This Month

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-22949 MEDIUM This Month

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-22011 MEDIUM PATCH This Month

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34705 MEDIUM This Month

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Microsoft Authentication Bypass iOS +1
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-1616 MEDIUM This Month

A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Ios Xe
NVD
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-20434 MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-20563 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20485 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy