Skip to main content
CVE-2021-41318 MEDIUM POC This Month

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Whatsupgold
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.9%
CVE-2021-37271 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ueditor
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36165 MEDIUM POC This Month

RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure S9922L Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-36283 MEDIUM PATCH This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell RCE Chengming 3990 Firmware Chengming 3991 Firmware G3 15 3500 Firmware +82
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-37267 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-30086 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29365 MEDIUM This Month

Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-29358 MEDIUM This Month

A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-21570 MEDIUM PATCH This Month

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Information Disclosure Emc Networker
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-21569 MEDIUM PATCH This Month

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Path Traversal Command Injection Emc Networker
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-22535 MEDIUM This Month

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Netiq Directory And Resource Administrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2021-36285 MEDIUM This Month

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Latitude 5310 2 In 1 Firmware Latitude 5320 Firmware Latitude 5400 Firmware +18
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-36284 MEDIUM This Month

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Latitude 5310 2 In 1 Firmware Latitude 5320 Firmware Latitude 5400 Firmware +18
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21522 MEDIUM This Month

Dell BIOS contains a Credentials Management issue. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Latitude 5285 2 In 1 Firmware Latitude 5289 2 In 1 Firmware Latitude 5310 2 In 1 Firmware +25
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy