|
195091
|
8.8 |
HIGH
Network
|
sqlite-web_project
|
sqlite-web
|
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable…
|
CWE-352
Origin Validation Error
|
CVE-2021-23404
|
2024-11-21 14:51 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195092
|
6.1 |
MEDIUM
Network
|
johndatserakis
|
file-upload-with-preview
|
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
|
CWE-79
Cross-site Scripting
|
CVE-2021-23439
|
2024-11-21 14:51 |
2021-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195093
|
7.5 |
HIGH
Network
|
python
fedoraproject
|
pillow
fedora
|
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
|
CWE-125
Out-of-bounds Read
|
CVE-2021-23437
|
2024-11-21 14:51 |
2021-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195094
|
9.8 |
CRITICAL
Network
|
mpath_project
|
mpath
|
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 i…
|
CWE-843
Type Confusion
|
CVE-2021-23438
|
2024-11-21 14:51 |
2021-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195095
|
9.8 |
CRITICAL
Network
|
immer_project
|
immer
|
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, th…
|
CWE-843
Type Confusion
|
CVE-2021-23436
|
2024-11-21 14:51 |
2021-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195096
|
9.8 |
CRITICAL
Network
|
elfinder.netcore_project
|
elfinder.netcore
|
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the gen…
|
CWE-22
Path Traversal
|
CVE-2021-23428
|
2024-11-21 14:51 |
2021-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195097
|
9.8 |
CRITICAL
Network
|
elfinder.netcore_project
|
elfinder.netcore
|
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.
|
CWE-22
Path Traversal
|
CVE-2021-23427
|
2024-11-21 14:51 |
2021-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195098
|
7.5 |
HIGH
Network
|
proto_project
|
proto
|
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
|
NVD-CWE-Other
|
CVE-2021-23426
|
2024-11-21 14:51 |
2021-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195099
|
8.6 |
HIGH
Network
|
object-path_project
debian
|
object-path
debian_linux
|
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular…
|
CWE-843
Type Confusion
|
CVE-2021-23434
|
2024-11-21 14:51 |
2021-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195100
|
9.8 |
CRITICAL
Network
|
mootools_project
|
mootools
|
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()
|
NVD-CWE-noinfo
|
CVE-2021-23432
|
2024-11-21 14:51 |
2021-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
