Skip to main content
CVE-2021-41878 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Panel Administration System
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
9.9%
CVE-2021-24679 MEDIUM POC This Month

The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bitcoin Altcoin Payment Gateway For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24676 MEDIUM POC This Month

The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Better Find And Replace
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21704 MEDIUM POC This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service PHP Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-39885 MEDIUM POC This Month

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-39486 MEDIUM POC This Month

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Gila Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38822 MEDIUM POC This Month

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Icehrm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-37330 MEDIUM POC This Month

Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Booking Core
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24678 MEDIUM POC This Month

The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tooltip Glossary
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24654 MEDIUM POC This Month

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41867 MEDIUM POC PATCH This Month

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-37331 MEDIUM POC This Month

Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Booking Core
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-21705 MEDIUM POC PATCH This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap Sd Wan Aware
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-24687 MEDIUM POC This Month

The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24673 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-38400 MEDIUM This Month

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-38398 MEDIUM This Month

The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom Latitude Programming System Model 3120 Firmware Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-38396 MEDIUM This Month

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-22259 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21706 MEDIUM PATCH This Month

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft PHP Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-38394 MEDIUM This Month

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-41091 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
2.7%
CVE-2021-41089 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-23856 MEDIUM This Month

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39877 MEDIUM This Month

A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-25964 MEDIUM PATCH This Month

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Calibre Web
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41123 MEDIUM PATCH This Month

Survey Solutions is a survey management and data collection system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Survey Solutions
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-41596 MEDIUM This Month

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-41595 MEDIUM This Month

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-41094 MEDIUM PATCH This Month

Wire is an open source secure messenger. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Wire
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-39347 MEDIUM PATCH This Month

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress PHP Authentication Bypass Stripe For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-32672 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Redis Information Disclosure Software Collections Enterprise Linux +5
NVD GitHub
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-39883 MEDIUM This Month

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-39874 MEDIUM This Month

In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-39873 MEDIUM This Month

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-39871 MEDIUM This Month

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-39868 MEDIUM This Month

In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-36850 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer - Auto & Manual Rename plugin (versions <= 5.1.9). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Media File Renamer Auto Manual Rename
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-39899 MEDIUM This Month

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy