|
195001
|
4.9 |
MEDIUM
Network
|
craftercms
|
crafter_cms
|
Authenticated administrators may override the system configuration file and cause a denial of service.
|
NVD-CWE-Other
|
CVE-2021-23261
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195002
|
5.4 |
MEDIUM
Network
|
craftercms
|
crafter_cms
|
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
|
CWE-79
Cross-site Scripting
|
CVE-2021-23260
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195003
|
7.2 |
HIGH
Network
|
craftercms
|
crafter_cms
|
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, wh…
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2021-23259
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195004
|
7.2 |
HIGH
Network
|
craftercms
|
crafter_cms
|
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers t…
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2021-23258
|
2024-11-21 14:51 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195005
|
9.8 |
CRITICAL
Network
|
html-to-csv_project
|
html-to-csv
|
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV …
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-23654
|
2024-11-21 14:51 |
2021-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195006
|
8.8 |
HIGH
Network
|
ui
|
unifi_protect
|
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with ma…
|
NVD-CWE-noinfo
|
CVE-2021-22957
|
2024-11-21 14:51 |
2021-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195007
|
9.0 |
CRITICAL
Network
|
quobject
|
docker-cli-js
|
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arb…
|
CWE-78
OS Command
|
CVE-2021-23732
|
2024-11-21 14:51 |
2021-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195008
|
7.5 |
HIGH
Network
|
ssrf-agent_project
|
ssrf-agent
|
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-23718
|
2024-11-21 14:51 |
2021-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195009
|
6.1 |
MEDIUM
Network
|
pekeupload_project
|
pekeupload
|
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.
|
CWE-79
Cross-site Scripting
|
CVE-2021-23673
|
2024-11-21 14:51 |
2021-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195010
|
4.1 |
MEDIUM
Local
|
nvidia
|
dgx-1_p100
dgx-1_v100
dgx-2
dgx_station_a100
drive_constellation
geforce_gt_605
geforce_gt_610
geforce_gt_620
geforce_gt_625
geforce_gt_630
geforce_gt_635
geforce_gt_…
|
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and …
|
NVD-CWE-noinfo
|
CVE-2021-23219
|
2024-11-21 14:51 |
2021-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
