Skip to main content
CVE-2021-3874 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-3875 MEDIUM POC PATCH This Month

vim is vulnerable to Heap-based Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2021-39349 MEDIUM POC PATCH This Month

The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Author Bio Box
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-39345 MEDIUM POC PATCH This Month

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Hal
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39344 MEDIUM POC PATCH This Month

The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Kjm Admin Notices
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39338 MEDIUM POC PATCH This Month

The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Mybb Cross Poster
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39337 MEDIUM POC PATCH This Month

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Job Portal
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39336 MEDIUM POC This Month

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Job Manager
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39335 MEDIUM POC PATCH This Month

The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Wpgenius Job Listing
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39334 MEDIUM POC PATCH This Month

The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Job Board Vanila
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39864 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Adobe Commerce Magento Open Source
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-40990 MEDIUM This Month

A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-40995 MEDIUM This Month

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2021-40994 MEDIUM This Month

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2021-40721 MEDIUM PATCH This Month

Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-41320 MEDIUM This Month

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Wallstreet Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42335 MEDIUM This Month

Easytest bulletin board management function of online learning platform does not filter special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easytest Online Learning Test Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-42331 MEDIUM This Month

The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xinhe Teaching Platform System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-42329 MEDIUM This Month

The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xinhe Teaching Platform System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39332 MEDIUM This Month

The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Business Manager
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38431 MEDIUM This Month

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess Scada
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-42336 MEDIUM This Month

The learning history page of the Easytest is vulnerable by permission bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Easytest Online Learning Test Platform
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-42332 MEDIUM This Month

The “List View” function of ShinHer StudyOnline System is not under authority control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xinhe Teaching Platform System
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy