Skip to main content
CVE-2021-4033 MEDIUM POC PATCH This Month

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Kimai 2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41696 MEDIUM POC This Month

An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Brute Force Authentication Bypass Premiumdatingscript
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-41697 MEDIUM POC This Month

A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Premiumdatingscript
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20137 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gryphon Tower Firmware
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2021-42759 MEDIUM This Month

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Meru Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-43797 MEDIUM PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Quarkus Oncommand Workflow Automation +15
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-38931 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2 Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22565 MEDIUM PATCH This Month

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Exposure Notification Verification Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-38926 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2 Oncommand Insight
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-36167 MEDIUM PATCH This Month

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Fortinet Authentication Bypass Forticlient
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-43410 MEDIUM This Month

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Apache Python Airavata Django Portal
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-36189 MEDIUM PATCH This Month

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Fortinet Information Disclosure Forticlient Enterprise Management Server
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2021-4038 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Security Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-43204 MEDIUM PATCH This Month

A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Fortinet Forticlient
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy