Skip to main content
CVE-2021-3829 MEDIUM POC PATCH This Month

openwhyd is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Openwhyd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-4084 MEDIUM POC PATCH This Month

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-4081 MEDIUM POC PATCH This Month

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-4089 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Snipe It
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-4082 MEDIUM POC PATCH This Month

pimcore is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pimcore
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-38937 MEDIUM This Month

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Powervm Hypervisor
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37187 MEDIUM This Month

An issue was discovered on Digi TransPort devices through 2021-07-21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Transport Dr64 Firmware Transport Vc74 Firmware Transport Wr11 Firmware Transport Wr11 Xt Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-36911 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Comment Engine Pro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-31747 MEDIUM This Month

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Information Disclosure Pluck
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2021-43815 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-43813 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
57.5%
CVE-2021-40834 MEDIUM This Month

A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Safe
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy