|
195061
|
7.5 |
HIGH
Network
|
bikeshed_project
|
bikeshed
|
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could …
|
CWE-22
Path Traversal
|
CVE-2021-23423
|
2024-11-21 14:51 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195062
|
7.8 |
HIGH
Local
|
bikeshed_project
|
bikeshed
|
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command…
|
CWE-78
OS Command
|
CVE-2021-23422
|
2024-11-21 14:51 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195063
|
9.8 |
CRITICAL
Network
|
merge-change_project
|
merge-change
|
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23421
|
2024-11-21 14:51 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195064
|
9.8 |
CRITICAL
Network
|
codeception
|
codeception
|
This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializ…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-23420
|
2024-11-21 14:51 |
2021-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195065
|
9.8 |
CRITICAL
Network
|
open-graph_project
|
open-graph
|
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23419
|
2024-11-21 14:51 |
2021-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195066
|
8.8 |
HIGH
Network
|
bosch
|
cpp4_firmware
cpp6_firmware
aviotec_firmware
cpp7_firmware
cpp7.3_firmware
cpp13_firmware
cpp14_firmware
|
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requi…
|
CWE-352
Origin Validation Error
|
CVE-2021-23849
|
2024-11-21 14:51 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195067
|
9.8 |
CRITICAL
Network
|
glances_project
|
glances
|
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
|
CWE-611
XXE
|
CVE-2021-23418
|
2024-11-21 14:51 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195068
|
9.8 |
CRITICAL
Network
|
deepmergefn_project
|
deepmergefn
|
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23417
|
2024-11-21 14:51 |
2021-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195069
|
6.1 |
MEDIUM
Network
|
curly-bracket-parser_project
|
curly-bracket-parser
|
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
|
CWE-79
Cross-site Scripting
|
CVE-2021-23416
|
2024-11-21 14:51 |
2021-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195070
|
7.5 |
HIGH
Network
|
elfinder.aspnet_project
|
elfinder.aspnet
|
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
|
CWE-22
Path Traversal
|
CVE-2021-23415
|
2024-11-21 14:51 |
2021-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
