| 195121 | 7.8 | HIGH Local | htmldoc_project | htmldoc | A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | CWE-476 NULL Pointer Dereference | CVE-2021-23191 | 2024-11-21 14:51 | 2022-03-3 |
| 195122 | 7.8 | HIGH Local | htmldoc_project | htmldoc | A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c may lead to execute arbitrary code and denial of service. | CWE-476 NULL Pointer Dereference | CVE-2021-23180 | 2024-11-21 14:51 | 2022-03-3 |
| 195123 | 6.1 | MEDIUM Network | karma_project | karma | The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter. | CWE-601 Open Redirect | CVE-2021-23495 | 2024-11-21 14:51 | 2022-02-26 |
| 195124 | 9.8 | CRITICAL Network | object-extend_project | object-extend | The package object-extend from 0.0.0 is vulnerable to Prototype Pollution via object-extend. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23702 | 2024-11-21 14:51 | 2022-02-19 |
| 195125 | 9.8 | CRITICAL Network | appwrite litespeed.js_project | appwrite litespeed.js | This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23682 | 2024-11-21 14:51 | 2022-02-17 |
| 195126 | 9.8 | CRITICAL Network | vm2_project | vm2 | The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktrace, which can lead to execution of ar… | NVD-CWE-noinfo | CVE-2021-23555 | 2024-11-21 14:51 | 2022-02-12 |
| 195127 | 7.5 | HIGH Network | fastify | fastify-multipart | This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://s… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23597 | 2024-11-21 14:51 | 2022-02-12 |
| 195128 | 7.8 | HIGH Local | intel | advisor | Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | NVD-CWE-Other | CVE-2021-23152 | 2024-11-21 14:51 | 2022-02-10 |
| 195129 | 8.8 | HIGH Network | concretecms | concrete_cms | A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. | CWE-352 Origin Validation Error | CVE-2021-22954 | 2024-11-21 14:51 | 2022-02-10 |
| 195130 | 9.8 | CRITICAL Network | skratchdot | object-path-set | The package object-path-set before 1.0.2 is vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives … | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23507 | 2024-11-21 14:51 | 2022-02-5 |