Skip to main content
CVE-2021-3993 MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3992 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Improper Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kimai2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3990 MEDIUM POC PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-43687 MEDIUM POC PATCH This Month

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Chamilo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-43689 MEDIUM POC This Month

manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Manage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44279 MEDIUM POC This Month

Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44277 MEDIUM POC This Month

Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43690 MEDIUM POC This Month

YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yurunproxy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-3983 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Kimai2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3989 MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3964 MEDIUM POC PATCH This Month

elgg is vulnerable to Authorization Bypass Through User-Controlled Key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Elgg
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-4018 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-4015 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-20854 MEDIUM This Month

ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20853 MEDIUM This Month

ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-20852 MEDIUM This Month

Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-29849 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20847 MEDIUM This Month

Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wi Fi Station Sh 52A Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29779 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Microsoft Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-44479 MEDIUM This Month

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Kinetis K82 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-40154 MEDIUM This Month

NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Lpc55S69Jbd100 Firmware Lpc55S69Jbd64 Firmware Lpc55S69Jev98 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-25967 MEDIUM PATCH This Month

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Ckan
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20858 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 2533Ghbk I Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20857 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 2533Ghbk I Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20856 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20855 MEDIUM This Month

Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrh 733Gbk Firmware Wrh 733Gwh Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43794 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-43793 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-43792 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29863 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-20862 MEDIUM This Month

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +10
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy