Skip to main content
CVE-2021-42550 MEDIUM POC PATCH This Month

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Logback Satellite Cloud Manager +3
NVD GitHub
CVSS 3.1
6.6
EPSS
4.4%
CVE-2021-4123 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-4124 MEDIUM POC PATCH This Month

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Janus
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-4121 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-45088 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-45087 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-45086 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-45085 MEDIUM POC PATCH This Month

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epiphany Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-44317 MEDIUM POC This Month

In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bus Pass Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41962 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vehicle Service Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-26800 MEDIUM This Month

Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP User Management System In Php Stored Procedure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-43812 MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Nextjs Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-3179 MEDIUM This Month

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Gglocker
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-45097 MEDIUM This Month

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Knime Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-45095 MEDIUM PATCH This Month

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-41261 MEDIUM PATCH This Month

Galette is a membership management web application built for non profit organizations and released under GPLv3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Galette
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-40835 MEDIUM This Month

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-45096 MEDIUM This Month

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Knime Analytics Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy