Skip to main content
CVE-2021-35489 MEDIUM POC This Month

{HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thruk
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35488 MEDIUM POC This Month

{TITLE] Reflected XSS via the host or title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thruk
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2021-43575 MEDIUM POC This Month

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Engineering Tool Software 6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-43519 MEDIUM POC PATCH This Month

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lua Fedora
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-31344 MEDIUM This Month

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 +8
NVD
CVSS 4.0
6.9
EPSS
1.4%
CVE-2021-42025 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mendix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-43181 MEDIUM This Month

In JetBrains Hub before 2021.1.13690, stored XSS is possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hub
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43197 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-3641 MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Gravityzone
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-42015 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Mendix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-40364 MEDIUM This Month

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Wincc
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-43198 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, stored XSS is possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-43186 MEDIUM This Month

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-43184 MEDIUM This Month

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43201 MEDIUM This Month

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43199 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-43195 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43194 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, user enumeration was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-43192 MEDIUM This Month

In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43191 MEDIUM This Month

JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43190 MEDIUM This Month

In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43187 MEDIUM This Month

In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-42026 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mendix
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy