Skip to main content
CVE-2021-41192 MEDIUM POC PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Redash
NVD GitHub
CVSS 3.1
6.5
EPSS
8.0%
CVE-2021-20842 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ec Cube
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20841 MEDIUM POC PATCH This Month

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ec Cube
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-42297 MEDIUM POC PATCH This Month

Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Update Assistant
NVD
CVSS 3.1
5.0
EPSS
1.5%
CVE-2021-41270 MEDIUM PATCH This Month

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Code Injection Symfony Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-41267 MEDIUM PATCH This Month

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling PHP Information Disclosure Symfony
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-43268 MEDIUM This Month

An issue was discovered in VxWorks 6.9 through 7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32037 MEDIUM This Month

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-43777 MEDIUM PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Google Redash
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-20848 MEDIUM PATCH This Month

Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rwtxt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20840 MEDIUM This Month

Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Package
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-40369 MEDIUM PATCH This Month

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-20844 MEDIUM This Month

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rtx830 Firmware Nvr510 Firmware Nvr700W Firmware Rtx1210 Firmware +4
NVD
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-43211 MEDIUM PATCH This Month

Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Update Assistant
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-20843 MEDIUM This Month

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rtx830 Firmware Nvr510 Firmware Nvr700W Firmware Rtx1210 Firmware +4
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-43221 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Google RCE Code Injection Microsoft Edge Chromium
NVD
CVSS 3.1
4.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy