|
195651
|
7.5 |
HIGH
Network
|
go-proxyproto_project
|
go-proxyproto
|
The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
|
NVD-CWE-noinfo
|
CVE-2021-23409
|
2024-11-21 14:51 |
2021-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195652
|
7.5 |
HIGH
Network
|
elfinder.net.core_project
|
elfinder.net.core
|
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.
|
CWE-22
Path Traversal
|
CVE-2021-23407
|
2024-11-21 14:51 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195653
|
9.8 |
CRITICAL
Network
|
totaljs
|
total4
|
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
|
CWE-94
Code Injection
|
CVE-2021-23390
|
2024-11-21 14:51 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195654
|
9.8 |
CRITICAL
Network
|
totaljs
|
total.js
|
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
|
CWE-94
Code Injection
|
CVE-2021-23389
|
2024-11-21 14:51 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195655
|
8.8 |
HIGH
Network
|
pimcore
|
pimcore
|
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the…
|
CWE-89
SQL Injection
|
CVE-2021-23405
|
2024-11-21 14:51 |
2021-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195656
|
6.1 |
MEDIUM
Network
|
flask-user_project
|
flask-user
|
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slas…
|
CWE-601
Open Redirect
|
CVE-2021-23401
|
2024-11-21 14:51 |
2021-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195657
|
9.8 |
CRITICAL
Network
|
ts-nodash_project
|
ts-nodash
|
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23403
|
2024-11-21 14:51 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195658
|
9.8 |
CRITICAL
Network
|
record-like-deep-assign_project
|
record-like-deep-assign
|
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23402
|
2024-11-21 14:51 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195659
|
7.8 |
HIGH
Local
|
tibco
|
spotfire_server
spotfire_statistics_services
spotfire_analytics_platform
enterprise_runtime_for_r
|
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server E…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-23275
|
2024-11-21 14:51 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195660
|
8.8 |
HIGH
Network
|
nodemailer
|
nodemailer
|
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
|
CWE-74
Injection
|
CVE-2021-23400
|
2024-11-21 14:51 |
2021-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
