Skip to main content
CVE-2021-29006 MEDIUM POC This Month

rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Rconfig
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
7.0%
CVE-2021-22263 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-40886 MEDIUM POC This Month

Projectsend version r1295 is affected by a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Projectsend
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-40541 MEDIUM POC This Month

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpfusion
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-40542 MEDIUM POC This Month

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
3.0%
CVE-2021-24719 MEDIUM POC This Month

The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Enfold
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2021-24563 MEDIUM POC THREAT This Month

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Frontend Uploader
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
26.4%
CVE-2021-41798 MEDIUM POC This Month

MediaWiki before 1.36.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-40191 MEDIUM POC This Month

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dzzoffice
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-40888 MEDIUM POC This Month

Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Projectsend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24720 MEDIUM POC PATCH This Month

The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Geodirectory
NVD GitHub WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-24712 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24690 MEDIUM POC This Month

The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chained Quiz
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24683 MEDIUM POC This Month

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Weather Effect
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-24577 MEDIUM POC This Month

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Coming Soon And Maintenance Mode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24576 MEDIUM POC This Month

The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Accordion
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24545 MEDIUM POC This Month

The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Wp Html Author Bio
NVD WPScan
CVSS 3.1
5.4
EPSS
1.8%
CVE-2021-24737 MEDIUM POC This Month

The Comments - wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpdiscuz
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24709 MEDIUM POC This Month

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Weather Effect
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24691 MEDIUM POC This Month

The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24681 MEDIUM POC This Month

The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Duplicate Page
NVD WPScan
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-24656 MEDIUM POC This Month

The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used),. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Social Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-20121 MEDIUM POC This Month

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. Rated medium severity (CVSS 4.0). Public exploit code available and no vendor patch available.

Information Disclosure Prv65B444A S Ts Firmware
NVD
CVSS 3.1
4.0
EPSS
0.5%
CVE-2021-25738 MEDIUM PATCH This Month

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes RCE Java
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-32028 MEDIUM PATCH This Month

A flaw was found in postgresql. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-35059 MEDIUM This Month

OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Way4
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42134 MEDIUM PATCH This Month

The Unicorn framework before 0.36.1 for Django allows XSS via a component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Unicorn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-35060 MEDIUM This Month

/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Way4
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41831 MEDIUM This Month

It is possible for an attacker to manipulate the timestamp of signed documents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-41800 MEDIUM PATCH This Month

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Mediawiki Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-42137 MEDIUM This Month

An issue was discovered in Zammad before 5.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy