Skip to main content
CVE-2021-42223 MEDIUM POC This Month

Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Dj Booking Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20128 MEDIUM POC This Month

The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vigorconnect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41342 MEDIUM PATCH This Month

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2021-22036 MEDIUM This Month

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Information Disclosure VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20804 MEDIUM This Month

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Remote Service Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20801 MEDIUM This Month

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XXE Remote Service Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20796 MEDIUM This Month

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Remote Service Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-41350 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-41332 MEDIUM PATCH This Month

Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-40460 MEDIUM PATCH This Month

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-41139 MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-40732 MEDIUM This Month

XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-20834 MEDIUM This Month

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Nike
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-20807 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20806 MEDIUM This Month

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Remote Service Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41355 MEDIUM PATCH This Month

.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Net Powershell Visual Studio 2019
NVD
CVSS 3.1
5.7
EPSS
20.3%
CVE-2021-41343 MEDIUM PATCH This Month

Windows Fast FAT File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-41338 MEDIUM PATCH This Month

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
3.2%
CVE-2021-41336 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 11 Windows Server 2022
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40475 MEDIUM PATCH This Month

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40472 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +3
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40468 MEDIUM PATCH This Month

Windows Bind Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-40455 MEDIUM PATCH This Month

Windows Installer Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-40454 MEDIUM PATCH This Month

Rich Text Edit Control Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure 365 Apps Office Windows 10 Windows 11 +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-38663 MEDIUM PATCH This Month

Windows exFAT File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-38662 MEDIUM PATCH This Month

Windows Fast FAT File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-20805 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20803 MEDIUM This Month

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20800 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20799 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20798 MEDIUM This Month

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20797 MEDIUM This Month

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XSS Remote Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41361 MEDIUM PATCH This Month

Active Directory Federation Server Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41354 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41353 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41138 MEDIUM PATCH This Month

Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frontier
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20832 MEDIUM This Month

InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Inbody
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20802 MEDIUM This Month

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Remote Service Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-41346 MEDIUM PATCH This Month

Console Window Host Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-40482 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-40456 MEDIUM PATCH This Month

Windows AD FS Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows Server Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-41337 MEDIUM PATCH This Month

Active Directory Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2021-26318 MEDIUM This Month

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon Firmware Athlon Pro Firmware Epyc Firmware +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-41339 MEDIUM PATCH This Month

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2021-22035 MEDIUM PATCH This Month

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Cloud Foundation Vrealize Log Insight Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-33609 MEDIUM PATCH This Month

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Vaadin
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-41363 MEDIUM PATCH This Month

Intune Management Extension Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.2).

Authentication Bypass Intune Management Extension
NVD
CVSS 3.1
4.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy