| 195131 | 7.5 | HIGH Network | getadigital | nested-object-assign | The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23329 | 2024-11-21 14:51 | 2021-02-1 |
| 195132 | 5.6 | MEDIUM Network | iniparserjs_project | iniparserjs | This affects all versions of package iniparserjs. This vulnerability arises when ini_parser.js is concatenating arrays. Depending on if user input is provided, an attacker can overwrite and pollute … | NVD-CWE-Other | CVE-2021-23328 | 2024-11-21 14:51 | 2021-01-30 |
| 195133 | 5.4 | MEDIUM Network | tibco | bpm_enterprise bpm_enterprise_distribution_for_silver_fabric | The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically a… | CWE-79 Cross-site Scripting | CVE-2021-23272 | 2024-11-21 14:51 | 2021-01-27 |
| 195134 | 8.8 | HIGH Network | the-guild | graphql-tools | This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. | CWE-78 OS Command | CVE-2021-23326 | 2024-11-21 14:51 | 2021-01-20 |
| 195135 | 4.8 | MEDIUM Network | flatcore | flatcore | An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter … | CWE-79 Cross-site Scripting | CVE-2021-23838 | 2024-11-21 14:51 | 2021-01-15 |
| 195136 | 6.5 | MEDIUM Network | flatcore | flatcore | An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected para… | CWE-89 SQL Injection | CVE-2021-23837 | 2024-11-21 14:51 | 2021-01-15 |
| 195137 | 4.8 | MEDIUM Network | flatcore | flatcore | An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject… | CWE-79 Cross-site Scripting | CVE-2021-23836 | 2024-11-21 14:51 | 2021-01-15 |
| 195138 | 4.9 | MEDIUM Network | flatcore | flatcore | An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploi… | CWE-20 Improper Input Validation | CVE-2021-23835 | 2024-11-21 14:51 | 2021-01-15 |
| 195139 | 6.1 | MEDIUM Network | joomla | joomla\! | An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views can lead to XSS attack vectors. | CWE-79 Cross-site Scripting | CVE-2021-23125 | 2024-11-21 14:51 | 2021-01-13 |
| 195140 | 6.1 | MEDIUM Network | joomla | joomla\! | An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks. | CWE-79 Cross-site Scripting | CVE-2021-23124 | 2024-11-21 14:51 | 2021-01-13 |