| 195131 | 9.8 | CRITICAL | Network | set_project | set | This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomple… | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23497 | 2024-11-21 14:51 | 2022-02-5 |
| 195132 | 9.8 | CRITICAL | Network | putil-merge_project | putil-merge | This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include … | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23470 | 2024-11-21 14:51 | 2022-02-5 |
| 195133 | 7.8 | HIGH | Local | juce | juce | This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic l… | CWE-59: Link Following | CVE-2021-23521 | 2024-11-21 14:51 | 2022-01-31 |
| 195134 | 9.8 | CRITICAL | Network | juce | juce | The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability… | CWE-22: Path Traversal | CVE-2021-23520 | 2024-11-21 14:51 | 2022-01-31 |
| 195135 | 9.8 | CRITICAL | Network | keyget_project | keyget | The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution.… | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23760 | 2024-11-21 14:51 | 2022-01-29 |
| 195136 | 9.8 | CRITICAL | Network | bmoor_project | bmoor | The package bmoor before 0.10.1 is vulnerable to Prototype Pollution due to missing sanitization in the set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https… | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23558 | 2024-11-21 14:51 | 2022-01-29 |
| 195137 | 9.8 | CRITICAL | Network | zip-local_project | zip-local | The package zip-local before 0.3.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip), which can lead to the extraction of a crafted file outside the intended extraction directory. | CWE-22: Path Traversal | CVE-2021-23484 | 2024-11-21 14:51 | 2022-01-29 |
| 195138 | 6.1 | MEDIUM | Network | bosch | video_security | HTML code injection vulnerability in the Android application Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject random HTML code into a component l… | CWE-79: Cross-site Scripting | CVE-2021-23863 | 2024-11-21 14:51 | 2022-01-29 |
| 195139 | 4.8 | MEDIUM | Network | wpchill | download_monitor | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in the Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_v… | - | CVE-2021-23174 | 2024-11-21 14:51 | 2022-01-29 |
| 195140 | 7.5 | HIGH | Network | isomorphic-git | cors-proxy | The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2021-23664 | 2024-11-21 14:51 | 2022-01-22 |