Skip to main content
CVE-2021-44033 MEDIUM POC This Month

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Authentication Bypass Identity Vault
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-3976 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-43409 MEDIUM POC This Month

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Information Disclosure Wordpress Azure Ad Microsoft Office 365
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-42363 MEDIUM POC PATCH This Month

The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS PHP Preview E Mails For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-29323 MEDIUM POC This Month

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-33850 MEDIUM POC This Month

There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Clarity
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-3920 MEDIUM POC PATCH This Month

grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav Plugin Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-3961 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3950 MEDIUM POC PATCH This Month

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python XSS Django Helpdesk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-3963 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3957 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-39234 MEDIUM PATCH This Month

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Ozone
NVD
CVSS 3.1
6.8
EPSS
1.4%
CVE-2021-22030 MEDIUM PATCH This Month

In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Greenplum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-39235 MEDIUM PATCH This Month

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Ozone
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-44025 MEDIUM PATCH This Month

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-26262 MEDIUM This Month

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mri 3T Firmware Mri 1 5T Firmware
NVD VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2021-26248 MEDIUM This Month

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mri 3T Firmware Mri 1 5T Firmware
NVD VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2021-42744 MEDIUM This Month

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Mri 1 5T Firmware Mri 3T Firmware
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2021-41278 MEDIUM PATCH This Month

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure App Service Configurable Application Functions Software Development Kit Edgex Foundry
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2021-36003 MEDIUM PATCH This Month

Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Audition
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2021-39198 MEDIUM PATCH This Month

OroCRM is an open source Client Relationship Management (CRM) application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Client Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-36884 MEDIUM PATCH This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Backup Migration
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40131 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE XSS Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22969 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41532 MEDIUM PATCH This Month

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ozone
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2021-40130 MEDIUM This Month

A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Common Services Platform Collector
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-40129 MEDIUM This Month

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Common Services Platform Collector
NVD
CVSS 3.1
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy