Skip to main content
CVE-2021-43572 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack Ecdsa Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43571 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Jwt Attack Ecdsa Node
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43570 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jwt Attack Ecdsa Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43569 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Ecdsa Dotnet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43568 CRITICAL POC Act Now

The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Elixir Ecdsa
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43466 CRITICAL POC PATCH Act Now

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Thymeleaf
NVD VulDB
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-20119 HIGH POC This Week

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. Rated high severity (CVSS 7.1). Public exploit code available and no vendor patch available.

Authentication Bypass Arris Surfboard Sb8200 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-35489 MEDIUM POC This Month

{HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thruk
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35488 MEDIUM POC This Month

{TITLE] Reflected XSS via the host or title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thruk
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2021-40358 CRITICAL Act Now

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Simatic Pcs 7 Simatic Wincc
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2021-43200 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43193 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43185 CRITICAL Act Now

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Youtrack
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43183 CRITICAL Act Now

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hub
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-31886 CRITICAL Act Now

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +18
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-31884 CRITICAL Act Now

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +19
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-43575 MEDIUM POC This Month

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Engineering Tool Software 6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-43519 MEDIUM POC PATCH This Month

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lua Fedora
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-31890 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +7
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2021-31889 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 +7
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2021-31346 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +7
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2021-31345 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +6
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-31888 HIGH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +18
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-31887 HIGH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +18
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-37207 HIGH PATCH This Week

A vulnerability has been identified in SENTRON powermanager V3 (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Sentron Powermanager 3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-40359 HIGH This Week

A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Simatic Batch Simatic Net Pc Simatic Route Control Simatic Wincc +1
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2021-43174 HIGH PATCH This Week

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Routinator Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43173 HIGH This Week

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-43172 HIGH PATCH This Week

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43182 HIGH This Week

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-43180 HIGH This Week

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43203 HIGH This Week

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ktor
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-43196 HIGH This Week

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43114 HIGH PATCH This Week

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fort Validator Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-42021 HIGH PATCH This Week

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Siveillance Video Management Software 2019 R1 Siveillance Video Management Software 2019 R2 Siveillance Video Management Software 2019 R3 Siveillance Video Management Software 2020 R1 +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31885 HIGH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +7
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-31883 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-31882 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-31881 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 +7
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-40366 HIGH This Week

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Climatix Pol909 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-43189 HIGH This Week

In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2021-43188 HIGH This Week

In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2021-31344 MEDIUM This Month

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 +8
NVD
CVSS 4.0
6.9
EPSS
1.4%
CVE-2021-42025 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mendix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-43181 MEDIUM This Month

In JetBrains Hub before 2021.1.13690, stored XSS is possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hub
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43197 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-3641 MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Gravityzone
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-42015 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Mendix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-40364 MEDIUM This Month

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Wincc
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-43198 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, stored XSS is possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy