Skip to main content
CVE-2021-43807 MEDIUM POC PATCH This Month

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-4108 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39183 MEDIUM POC PATCH This Month

Owncast is an open source, self-hosted live video streaming and chat server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Owncast
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-40882 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-42063 MEDIUM POC THREAT This Month

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP Knowledge Warehouse
NVD
CVSS 3.1
6.1
EPSS
22.3%
CVE-2021-4107 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-42050 MEDIUM POC This Month

An issue was discovered in AbanteCart before 1.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Abantecart
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-3831 MEDIUM POC PATCH This Month

gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Gnuboard5
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-3836 MEDIUM POC PATCH This Month

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

XXE Dbeaver
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-42051 MEDIUM POC This Month

An issue was discovered in AbanteCart before 1.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Abantecart
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-44937 MEDIUM POC This Month

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-44942 MEDIUM POC This Month

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Glfusion
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-43051 MEDIUM This Month

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Server
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-44235 MEDIUM This Month

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-42023 MEDIUM PATCH This Month

A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass Modelsim Questa
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-42022 MEDIUM This Month

A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Simatic Easie Pcs 7 Skill
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-10228 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Limesurvey
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34425 MEDIUM This Month

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Microsoft SSRF Meetings
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-39319 MEDIUM This Month

The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Duofaq Responsive Flat Simple Faq
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39318 MEDIUM This Month

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP H5P Css Editor
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39315 MEDIUM This Month

The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Magic Post Voice
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39314 MEDIUM This Month

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Woo Enviopack
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39313 MEDIUM This Month

The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Simple Image Gallery
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39311 MEDIUM This Month

The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Link List Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39310 MEDIUM This Month

The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Real Wysiwyg
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39309 MEDIUM This Month

The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Parsian Bank Gateway For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39308 MEDIUM This Month

The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Woo Myghpay Payment Gateway
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38361 MEDIUM This Month

The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Htaccess Redirect
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-43820 MEDIUM PATCH This Month

Seafile is an open source cloud storage system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Seafile Server
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-44017 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-44015 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-44012 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-44011 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-44010 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-44009 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-44008 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-44007 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-44004 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-44003 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-44043 MEDIUM This Month

An issue was discovered in UiPath App Studio 21.4.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS App Studio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42367 MEDIUM PATCH This Month

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Variation Swatches For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42061 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36721 MEDIUM This Month

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Application Programming Interface
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-41836 MEDIUM PATCH This Month

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Fathom Analytics
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-42066 MEDIUM PATCH This Month

SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Information Disclosure SAP Business One
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2021-43827 MEDIUM PATCH This Month

discourse-footnote is a library providing footnotes for posts in Discourse. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Discourse Footnote
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy