Skip to main content
CVE-2021-36134 MEDIUM POC This Month

Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Vision Pro
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41329 MEDIUM POC This Month

Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seq
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-31604 MEDIUM POC This Month

furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Openvpn Monitor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-23445 MEDIUM POC PATCH This Month

This affects the package datatables.net before 1.11.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Datatables Net
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-24632 MEDIUM POC This Month

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Recipe Card Blocks For Gutenberg Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24671 MEDIUM POC This Month

The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mx Time Zone Clocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24670 MEDIUM POC This Month

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Coolclock
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24643 MEDIUM POC This Month

The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Map Block
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24634 MEDIUM POC This Month

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Recipe Card Blocks For Gutenberg Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3799 MEDIUM POC PATCH This Month

grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav Plugin Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-3818 MEDIUM POC PATCH This Month

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Grav
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-24610 MEDIUM POC This Month

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Translatepress
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
5.4%
CVE-2021-24569 MEDIUM POC This Month

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Notice Compliance For Gdpr Ccpa
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-37786 MEDIUM POC This Month

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft Denial Of Service Covid Certificate
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-24633 MEDIUM POC This Month

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Countdown Block
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20035 MEDIUM KEV THREAT This Month

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2021-40712 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-39828 MEDIUM PATCH This Month

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Privilege Escalation Adobe Digital Editions
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-39827 MEDIUM PATCH This Month

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Adobe Digital Editions
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-36877 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Ulisting
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-24652 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-26587 MEDIUM This Month

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Storeonce 5200 Firmware Storeonce 5650 Firmware Storeonce 5250 Firmware Storeonce 3640 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41385 MEDIUM This Month

The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Snypr
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-40109 MEDIUM This Month

A SSRF issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-41095 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40714 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-40106 MEDIUM This Month

An issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40105 MEDIUM This Month

An issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23054 MEDIUM This Month

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40713 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-0425 MEDIUM This Month

In memory management driver, there is a possible side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0424 MEDIUM This Month

In memory management driver, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0423 MEDIUM This Month

In memory management driver, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0422 MEDIUM This Month

In memory management driver, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0421 MEDIUM This Month

In memory management driver, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-40711 MEDIUM PATCH This Month

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-36841 MEDIUM This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Yith Maintenance Mode
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24660 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-24659 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41580 MEDIUM PATCH This Month

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Passport Oauth2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-40349 MEDIUM PATCH This Month

e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Speed Test
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-0660 MEDIUM This Month

In ccu, there is a possible out of bounds read due to incorrect error handling. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-36875 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin - uListing allows Reflected XSS.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ulisting
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-36845 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Yith Maintenance Mode
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-20317 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2021-24661 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-36878 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Ulisting
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy