Skip to main content
CVE-2021-34544 MEDIUM POC This Month

An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Solar Log 500 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-4049 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-44148 MEDIUM POC This Month

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gl Ar150 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43810 MEDIUM POC PATCH This Month

Admidio is a free open source user management system for websites of organizations and groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Admidio
NVD GitHub
CVSS 3.1
6.1
EPSS
5.8%
CVE-2021-42567 MEDIUM POC PATCH This Month

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Central Authentication Service
NVD GitHub
CVSS 3.1
6.1
EPSS
8.1%
CVE-2021-37940 MEDIUM This Month

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure Enterprise Search
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-44527 MEDIUM This Month

A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Denial Of Service Unifi Switch Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-19611 MEDIUM PATCH This Month

Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Racktables
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-36760 MEDIUM This Month

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS Api Manager Identity Server Identity Server As Key Manager +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29116 MEDIUM This Month

A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37085 MEDIUM This Month

There is a Encoding timing vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Denial Of Service Race Condition Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-37082 MEDIUM This Month

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to motionhub crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Denial Of Service Race Condition Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2021-40096 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Squaredup
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-40094 MEDIUM This Month

A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Squaredup
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-40093 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Squaredup
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40092 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Squaredup
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37058 MEDIUM This Month

There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user's nickname is maliciously tampered with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37056 MEDIUM This Month

There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37055 MEDIUM This Month

There is a Logic bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-29115 MEDIUM This Month

An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcgis Enterprise
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-40095 MEDIUM This Month

An issue was discovered in SquaredUp for SCOM 5.2.1.6654. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Squaredup
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-29113 MEDIUM This Month

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Code Injection Arcgis Server
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2020-27413 MEDIUM This Month

An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Mahavitaran
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy