Skip to main content
CVE-2021-24956 MEDIUM POC This Month

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Blog2Social
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-24941 MEDIUM POC This Month

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24907 MEDIUM POC This Month

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Everest Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24578 MEDIUM POC This Month

The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sportspress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-44927 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-44926 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44925 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44924 MEDIUM POC This Month

An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44923 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44922 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44921 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44920 MEDIUM POC This Month

An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44919 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44918 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-44917 MEDIUM POC This Month

A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gnuplot
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45297 MEDIUM POC This Month

An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45293 MEDIUM POC This Month

A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Binaryen Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-45292 MEDIUM POC This Month

The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45291 MEDIUM POC This Month

The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45289 MEDIUM POC This Month

A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45288 MEDIUM POC This Month

A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-24738 MEDIUM POC This Month

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Carousel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43587 MEDIUM PATCH This Month

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Powerpath Management Appliance
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36318 MEDIUM PATCH This Month

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Avamar Server
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36317 MEDIUM PATCH This Month

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Avamar Server Emc Powerprotect Data Protection Appliance
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-38900 MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow Business Process Manager Workflow Process Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-36341 MEDIUM PATCH This Month

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Wyse Device Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38966 MEDIUM This Month

IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Automation Workflow Process Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38893 MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager Workflow Process Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-44876 MEDIUM This Month

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systeam Enterprise Resource Planning
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-44875 MEDIUM This Month

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systeam Enterprise Resource Planning
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-45089 MEDIUM This Month

Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2021-45091 MEDIUM This Month

Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy