Skip to main content
CVE-2021-43282 MEDIUM POC This Month

An issue was discovered on Victure WR1200 devices through 1.0.3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wr1200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-42564 MEDIUM POC This Month

An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cryptshare Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-4026 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-38967 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection Mq Appliance
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-36329 MEDIUM This Month

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Streaming Data Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-36326 MEDIUM This Month

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Streaming Data Platform
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31787 MEDIUM This Month

The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ats2819P Firmware Ats2815 Firmware Ats2819 Firmware Ats2819S Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-44230 MEDIUM This Month

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Burp Suite
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22095 MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-43998 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-42120 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-43295 MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2021-43294 MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-39000 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-38999 MEDIUM PATCH This Month

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38958 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42119 MEDIUM This Month

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Topease
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42118 MEDIUM This Month

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Topease
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-42117 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Topease
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-36327 MEDIUM This Month

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell SSRF Emc Streaming Data Platform
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-25987 MEDIUM PATCH This Month

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hexo
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-42122 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-42121 MEDIUM This Month

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Topease
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-42116 MEDIUM This Month

Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Topease
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy