Skip to main content
CVE-2021-21937 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21935 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21934 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21933 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21932 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21931 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21930 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21929 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21928 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21927 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21926 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21925 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21924 MEDIUM POC THREAT This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
20.2%
CVE-2021-21922 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21908 MEDIUM POC This Month

Specially-crafted command line arguments can lead to arbitrary file deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ic Module Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21896 MEDIUM POC This Month

A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-43156 MEDIUM POC This Month

In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Online Book Store Project In Php
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-20426 MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-20425 MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS S Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-45267 MEDIUM POC This Month

An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45263 MEDIUM POC This Month

An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45262 MEDIUM POC This Month

An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45261 MEDIUM POC This Month

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Patch
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45260 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45259 MEDIUM POC This Month

An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45258 MEDIUM POC This Month

A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-21923 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21921 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21920 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21919 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21918 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21907 MEDIUM POC This Month

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ic Module Cma
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-21878 MEDIUM POC This Month

A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Premierwave 2050 Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-21886 MEDIUM POC This Month

A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Premierwave 2050 Firmware
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2021-43158 MEDIUM POC This Month

In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Online Shopping System
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-39013 MEDIUM This Month

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-44544 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
9.5%
CVE-2021-44471 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-36885 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon - CFDB7 WordPress plugin (versions <= 1.2.6.1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Contact Form 7 Database Addon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31558 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
10.6%
CVE-2021-23228 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44030 MEDIUM This Month

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kace Desktop Authority
NVD
CVSS 3.1
6.1
EPSS
4.2%
CVE-2021-45257 MEDIUM This Month

An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45256 MEDIUM This Month

A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-40836 MEDIUM This Month

A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Atlant Internet Gatekeeper Linux Security +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-44028 MEDIUM This Month

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Kace Desktop Authority
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2021-43853 MEDIUM PATCH This Month

Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Ajax Net Professional
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy