Skip to main content
CVE-2021-25968 MEDIUM PATCH This Month

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Opencms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31380 MEDIUM PATCH This Month

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Juniper Session And Resource Control
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-31375 MEDIUM This Month

An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI),. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-31371 MEDIUM This Month

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-31369 MEDIUM This Month

On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31361 MEDIUM PATCH This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-41140 MEDIUM PATCH This Month

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Discourse Reactions
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-38476 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ir615 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-38911 MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Risk Manager On Cp4S
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-32664 MEDIUM PATCH This Month

Combodo iTop is an open source web based IT Service Management tool. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Itop
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-38482 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38468 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-0298 MEDIUM This Month

A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Juniper Junos Os Evolved
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2021-38472 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2021-30810 MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-30815 LOW Monitor

A lock screen issue allowed access to contacts on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy