Skip to main content
CVE-2021-41115 MEDIUM POC PATCH This Month

Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Zulip
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-23447 MEDIUM POC PATCH This Month

This affects the package teddy before 0.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Teddy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-42053 MEDIUM POC PATCH This Month

The Unicorn framework through 0.35.3 for Django allows XSS via component.name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python XSS Unicorn
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2021-28661 MEDIUM POC PATCH This Month

Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Silverstripe
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-42084 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zammad
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20473 MEDIUM PATCH This Month

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20375 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-40439 MEDIUM This Month

Apache OpenOffice has a dependency on expat software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service XXE Openoffice
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2021-41865 MEDIUM This Month

HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Nomad
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-42088 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20561 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20481 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling File Gateway
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-3834 MEDIUM This Month

Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Integria Ims
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-36150 MEDIUM PATCH This Month

SilverStripe Framework through 4.8.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Silverstripe
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-42085 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42092 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41130 MEDIUM PATCH This Month

Extensible Service Proxy, a.k.a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Google Docker Authentication Bypass Extensible Service Proxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-20571 MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-37922 MEDIUM This Month

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-42087 MEDIUM This Month

An issue was discovered in Zammad before 4.1.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-29700 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20552 MEDIUM PATCH This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-20376 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20372 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy