Skip to main content
CVE-2021-3916 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-39416 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Remote Clinic
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-39413 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39411 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Hospital Management System
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-41251 MEDIUM POC PATCH This Month

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SAP Information Disclosure Cloud Sdk
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-41227 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41222 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41217 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41215 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41200 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41199 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41198 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41197 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-41196 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41195 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42664 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Engineers Online Portal
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-42662 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Event Booking And Reservation System
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-26844 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pa Server Monitor
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22260 MEDIUM POC This Month

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-39904 MEDIUM POC This Month

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-42663 MEDIUM POC This Month

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Event Booking And Reservation System
NVD GitHub
CVSS 3.1
4.3
EPSS
3.8%
CVE-2021-39913 MEDIUM This Month

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-25503 MEDIUM This Month

Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-3774 MEDIUM This Month

Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mss550X Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-42701 MEDIUM This Month

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Daqfactory
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2021-39412 MEDIUM This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Shopping Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39906 MEDIUM This Month

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
60.7%
CVE-2021-29753 MEDIUM This Month

IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-42699 MEDIUM This Month

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Daqfactory
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-25507 MEDIUM This Month

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Flow
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2021-41213 MEDIUM PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41218 MEDIUM PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-41209 MEDIUM PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-41207 MEDIUM PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-41202 MEDIUM PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41204 MEDIUM PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25506 MEDIUM This Month

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Denial Of Service Authentication Bypass Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25502 MEDIUM This Month

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-39912 MEDIUM This Month

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39909 MEDIUM This Month

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gitlab Jwt Attack
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-39907 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39898 MEDIUM This Month

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-39897 MEDIUM This Month

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-39895 MEDIUM This Month

In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2021-25500 MEDIUM This Month

A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-39911 MEDIUM This Month

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-41250 MEDIUM PATCH This Month

Python discord bot is the community bot for the Python Discord community. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Python Authentication Bypass Bot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-39905 MEDIUM This Month

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-25504 MEDIUM This Month

Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Group Sharing
NVD
CVSS 3.1
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy