Skip to main content
CVE-2021-41168 MEDIUM POC PATCH This Month

Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service Snudown
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-35512 MEDIUM POC This Month

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SSRF Manageengine Applications Manager
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-28975 MEDIUM POC This Month

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Mailster
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-39357 MEDIUM POC PATCH This Month

The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Leaky Paywall
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39356 MEDIUM POC This Month

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Content Staging
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39354 MEDIUM POC PATCH This Month

The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Easy Digital Downloads
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-39348 MEDIUM POC PATCH This Month

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Learnpress
NVD GitHub
CVSS 3.1
4.8
EPSS
5.0%
CVE-2021-39328 MEDIUM POC PATCH This Month

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Simple Job Board
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-42327 MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd Memory Corruption Linux Kernel +9
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-28496 MEDIUM This Month

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-40123 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-39126 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Atlassian Information Disclosure Jira Data Center Jira Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-35225 MEDIUM This Month

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Performance Monitor
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2021-36869 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ivory Search
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34738 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42715 MEDIUM This Month

An issue was discovered in stb stb_image.h 1.33 through 2.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stb Image H Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-27746 MEDIUM This Month

"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41791 MEDIUM This Month

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Community Share Share
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41792 MEDIUM This Month

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Alfresco Content Services Alfresco Transform Services
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39127 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-41169 MEDIUM PATCH This Month

Sulu is an open-source PHP content management system based on the Symfony framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Sulu
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-40121 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-34789 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Tetration
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-34760 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Telepresence Management Suite
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-35228 MEDIUM This Month

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Database Performance Analyzer
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2021-29883 MEDIUM PATCH This Month

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Transformation Extender Advanced
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-42096 MEDIUM PATCH This Month

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Mailman Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy