Skip to main content
CVE-2021-3906 MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3900 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-37808 MEDIUM POC This Month

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi News Portal
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-37806 MEDIUM POC This Month

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Vehicle Parking Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-3904 MEDIUM POC PATCH This Month

grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37805 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Vehicle Parking Management System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37131 MEDIUM PATCH This Month

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Manageone Imanager Neteco Imanager Neteco 6000
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-1115 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-40125 MEDIUM This Month

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Memory Corruption Use After Free Denial Of Service +10
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-29786 MEDIUM PATCH This Month

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-36756 MEDIUM PATCH This Month

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cfengine
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-37124 MEDIUM This Month

There is a path traversal vulnerability in Huawei PC product. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Pc Smart Full Scene Pcmanager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-37122 MEDIUM This Month

There is a use-after-free (UAF) vulnerability in Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Cloudengine 12800 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-34764 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect XSS Firepower Management Center Virtual Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-34761 MEDIUM This Month

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Management Center Virtual Appliance Firepower Threat Defense Sourcefire Defense Center
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-1117 MEDIUM This Month

Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1116 MEDIUM This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29868 MEDIUM PATCH This Month

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure I2 Ibase
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38379 MEDIUM This Month

The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cfengine
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29713 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Rational Collaborative Lifecycle Management Rational Doors Next Generation +2
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29673 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-25219 MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora H300s Firmware +11
NVD
CVSS 3.1
5.3
EPSS
8.0%
CVE-2021-34794 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firepower Threat Defense Adaptive Security Appliance Software Asa 5512 X Firmware +7
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-34791 MEDIUM This Month

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34790 MEDIUM This Month

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34787 MEDIUM This Month

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-20526 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-41590 MEDIUM This Month

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-35236 MEDIUM This Month

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-35235 MEDIUM This Month

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-35233 MEDIUM This Month

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-32951 MEDIUM PATCH This Month

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Webaccess Nms
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-34763 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Open Redirect XSS Firepower Management Center Virtual Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy