Skip to main content
CVE-2021-3380 MEDIUM POC This Month

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H8 Ssrms
NVD Exploit-DB VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-40518 MEDIUM POC This Month

Airangel HSMX Gateway devices through 5.2.04 allow CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-41349 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
93.9%
CVE-2021-33618 MEDIUM POC THREAT This Month

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
79.3%
CVE-2021-41038 MEDIUM POC PATCH This Month

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Theia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-41427 MEDIUM POC This Month

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smart Box Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-40517 MEDIUM POC This Month

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hsmx App 25 Firmware Hsmx App 100 Firmware Hsmx App 1000 Firmware Hsmx App 5000 Firmware +1
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42284 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
3.4%
CVE-2021-42274 MEDIUM PATCH This Month

Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-41374 MEDIUM PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2021-42304 MEDIUM PATCH This Month

Azure RTOS Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Real Time Operating System
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2021-42303 MEDIUM PATCH This Month

Azure RTOS Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Real Time Operating System
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2021-42302 MEDIUM PATCH This Month

Azure RTOS Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Real Time Operating System
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2021-38887 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22870 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-42305 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
8.1%
CVE-2021-41368 MEDIUM PATCH This Month

Microsoft Access Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-42300 MEDIUM PATCH This Month

Azure Sphere Tampering Vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-3572 MEDIUM PATCH This Month

A flaw was found in python-pip in the way it handled Unicode separators in git references. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Pip Agile Plm Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
5.7
EPSS
1.7%
CVE-2021-42288 MEDIUM PATCH This Month

Windows Hello Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-42111 MEDIUM This Month

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Openotp Token
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-32022 MEDIUM This Month

A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Protect
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-42280 MEDIUM PATCH This Month

Windows Feedback Hub Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-42277 MEDIUM PATCH This Month

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Visual Studio Visual Studio 2017 Visual Studio 2019 Windows 10 +4
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-41379 MEDIUM KEV PATCH THREAT This Month

Windows Installer Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +15
NVD
CVSS 3.1
5.5
EPSS
20.1%
CVE-2021-41373 MEDIUM PATCH This Month

FSLogix Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Fslogix
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-43561 MEDIUM PATCH This Month

An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS Google For Jobs
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-25975 MEDIUM PATCH This Month

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25974 MEDIUM PATCH This Month

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40504 MEDIUM This Month

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-34582 MEDIUM This Month

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fl Mguard 1102 Firmware Fl Mguard 1105 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2021-42319 MEDIUM PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2021-41375 MEDIUM PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
4.4
EPSS
0.8%
CVE-2021-41371 MEDIUM PATCH This Month

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
4.4
EPSS
1.4%
CVE-2021-38631 MEDIUM PATCH This Month

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
4.4
EPSS
1.6%
CVE-2021-42062 MEDIUM This Month

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp Human Capital Management
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-41351 MEDIUM PATCH This Month

Microsoft Edge (Chrome based) Spoofing on IE Mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2021-42279 MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
4.2
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy