Skip to main content
CVE-2021-3957 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-43555 HIGH PATCH This Week

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Path Traversal Mydesigner
NVD
CVSS 3.1
7.8
EPSS
38.0%
CVE-2021-42254 HIGH This Week

BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Privilege Management For Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3962 HIGH PATCH This Week

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
5.8%
CVE-2021-22970 HIGH PATCH This Week

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22967 HIGH PATCH This Week

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22965 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-22951 HIGH PATCH This Week

Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-44037 HIGH This Week

Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Team Password Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-39923 HIGH PATCH This Week

Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-39234 MEDIUM PATCH This Month

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
6.8
EPSS
1.4%
CVE-2021-22030 MEDIUM PATCH This Month

In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Greenplum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-39235 MEDIUM PATCH This Month

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Ozone
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-44025 MEDIUM PATCH This Month

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-26262 MEDIUM This Month

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mri 3T Firmware Mri 1 5T Firmware
NVD VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2021-26248 MEDIUM This Month

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mri 3T Firmware Mri 1 5T Firmware
NVD VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2021-42744 MEDIUM This Month

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Mri 1 5T Firmware Mri 3T Firmware
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2021-41278 MEDIUM PATCH This Month

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure App Service Configurable Application Functions Software Development Kit Edgex Foundry
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2021-36003 MEDIUM PATCH This Month

Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Audition
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2021-39198 MEDIUM PATCH This Month

OroCRM is an open source Client Relationship Management (CRM) application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Client Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-36884 MEDIUM PATCH This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Backup Migration
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40131 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE XSS Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22969 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41532 MEDIUM PATCH This Month

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ozone
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2021-40130 MEDIUM This Month

A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Common Services Platform Collector
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-40129 MEDIUM This Month

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Common Services Platform Collector
NVD
CVSS 3.1
4.9
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy