Skip to main content
CVE-2021-24894 MEDIUM POC PATCH This Month

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Integer Overflow Denial Of Service Reviews Plus
NVD WPScan
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-38000 MEDIUM POC KEV THREAT This Month

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
4.5%
CVE-2021-37999 MEDIUM POC This Month

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24891 MEDIUM POC THREAT This Month

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Website Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
24.0%
CVE-2021-24875 MEDIUM POC This Month

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ecommerce Product Catalog
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-24703 MEDIUM POC This Month

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Download Plugin
NVD WPScan
CVSS 3.1
5.7
EPSS
0.4%
CVE-2021-3672 MEDIUM POC PATCH This Month

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS C Ares Fedora Enterprise Linux Enterprise Linux Computer Node +13
NVD
CVSS 3.1
5.6
EPSS
2.6%
CVE-2021-24812 MEDIUM POC This Month

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Betterlinks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24729 MEDIUM POC This Month

The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Showcase With Slick Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24888 MEDIUM POC This Month

The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Imageboss
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24882 MEDIUM POC This Month

The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slideshow Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24830 MEDIUM POC PATCH This Month

The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Advanced Access Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24713 MEDIUM POC This Month

The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Lessons Manager Video Lessons Manager Pro
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24700 MEDIUM POC This Month

The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24668 MEDIUM POC This Month

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Maz Loader
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-36334 MEDIUM PATCH This Month

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Dell RCE Emc Cloud Link
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2021-38875 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Mq
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37023 MEDIUM This Month

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-31852 MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Policy Auditor
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31851 MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Policy Auditor
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24873 MEDIUM PATCH This Month

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-22356 MEDIUM This Month

There is a weak secure algorithm vulnerability in Huawei products. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure Ips Module Firmware Ngfw Module Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2021-36333 MEDIUM PATCH This Month

Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Dell Emc Cloud Link
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21561 MEDIUM PATCH This Month

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-37036 MEDIUM This Month

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecns280 Td Firmware Fusioncompute
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36332 MEDIUM PATCH This Month

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Cloud Link
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25986 MEDIUM PATCH This Month

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Python XSS Django Wiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22410 MEDIUM This Month

There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Imaster Nce Fabric Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-38980 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-37032 MEDIUM This Month

There is a Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Digital Balance to fail to work. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-37029 MEDIUM This Month

There is an Identity verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-37013 MEDIUM This Month

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-38004 MEDIUM This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy