| 195081 | 6.1 MEDIUM | Network | flask-user_project | flask-user | This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slas… | CWE-601 Open Redirect | CVE-2021-23401 | 2024-11-21 14:51 | 2021-07-5 |
| 195082 | 9.8 CRITICAL | Network | ts-nodash_project | ts-nodash | All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to a lack of input validation. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23403 | 2024-11-21 14:51 | 2021-07-3 |
| 195083 | 9.8 CRITICAL | Network | record-like-deep-assign_project | record-like-deep-assign | All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23402 | 2024-11-21 14:51 | 2021-07-3 |
| 195084 | 7.8 HIGH | Local | tibco | spotfire_server spotfire_statistics_services spotfire_analytics_platform enterprise_runtime_for_r | The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server E… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2021-23275 | 2024-11-21 14:51 | 2021-06-30 |
| 195085 | 8.8 HIGH | Network | nodemailer | nodemailer | The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | CWE-74 Injection | CVE-2021-23400 | 2024-11-21 14:51 | 2021-06-29 |
| 195086 | 9.8 CRITICAL | Network | wincred_project | wincred | This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to us… | CWE-78 OS Command | CVE-2021-23399 | 2024-11-21 14:51 | 2021-06-28 |
| 195087 | 6.1 MEDIUM | Network | react-bootstrap-table_project | react-bootstrap-table | All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to… | CWE-79 Cross-site Scripting | CVE-2021-23398 | 2024-11-21 14:51 | 2021-06-25 |
| 195088 | 5.9 MEDIUM | Network | bosch | b426_firmware | When using the HTTP protocol, the user password is transmitted as a cleartext parameter, which an attacker can obtain through a MITM attack. This will be fixed starting from Fir… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2021-23846 | 2024-11-21 14:51 | 2021-06-18 |
| 195089 | 8.8 HIGH | Network | bosch | b426_firmware b426-cn_firmware b429-cn_firmware b426-m_firmware | This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found durin… | NVD-CWE-noinfo | CVE-2021-23845 | 2024-11-21 14:51 | 2021-06-18 |
| 195090 | 9.8 CRITICAL | Network | lutils_project | lutils | All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23396 | 2024-11-21 14:51 | 2021-06-18 |