|
200651
|
9.3 |
CRITICAL
Network
|
polrproject
|
polr
|
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existi…
|
-
|
CVE-2021-21276
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200652
|
5.0 |
MEDIUM
Network
|
openhab
|
openhab
|
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the sam…
|
-
|
CVE-2021-21266
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200653
|
6.5 |
MEDIUM
Network
|
ckeditor
|
ckeditor5
|
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of serv…
|
-
|
CVE-2021-21254
|
2024-11-21 14:47 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200654
|
9.8 |
CRITICAL
Network
|
rsshub
|
rsshub
|
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Func…
|
-
|
CVE-2021-21278
|
2024-11-21 14:47 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200655
|
5.4 |
MEDIUM
Network
|
flarum
|
sticky
|
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14…
|
-
|
CVE-2021-21283
|
2024-11-21 14:47 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200656
|
6.5 |
MEDIUM
Network
|
tendermint
|
tendermint
|
Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. …
|
-
|
CVE-2021-21271
|
2024-11-21 14:47 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200657
|
4.3 |
MEDIUM
Network
|
report_project
oracle
|
report
communications_cloud_native_core_network_slice_selection_function
communications_pricing_design_center
|
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a re…
|
CWE-352
Origin Validation Error
|
CVE-2021-21275
|
2024-11-21 14:47 |
2021-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200658
|
5.5 |
MEDIUM
Local
|
octopus
|
octopusdsc
|
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API ke…
|
-
|
CVE-2021-21270
|
2024-11-21 14:47 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200659
|
7.7 |
HIGH
Network
|
deislabs
|
oras
|
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before vers…
|
CWE-59
Link Following
|
CVE-2021-21272
|
2024-11-21 14:47 |
2021-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200660
|
5.4 |
MEDIUM
Network
|
bigprof
|
online_invoicing_system
|
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XS…
|
-
|
CVE-2021-21260
|
2024-11-21 14:47 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
