|
197211
|
9.8 |
CRITICAL
Network
|
apache
|
dubbo
|
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which seri…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-25641
|
2024-11-21 14:55 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197212
|
5.4 |
MEDIUM
Network
|
opennms
|
meridian
opennms
|
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25932
|
2024-11-21 14:55 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197213
|
4.9 |
MEDIUM
Network
|
couchbase
|
couchbase_server
|
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cl…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-25643
|
2024-11-21 14:55 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197214
|
9.8 |
CRITICAL
Network
|
js-extend_project
|
js-extend
|
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25945
|
2024-11-21 14:55 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197215
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
|
CWE-352
Origin Validation Error
|
CVE-2021-26034
|
2024-11-21 14:55 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197216
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
|
CWE-352
Origin Validation Error
|
CVE-2021-26033
|
2024-11-21 14:55 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197217
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26032
|
2024-11-21 14:55 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197218
|
9.8 |
CRITICAL
Network
|
nconf-toml_project
|
nconf-toml
|
Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25946
|
2024-11-21 14:55 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197219
|
9.8 |
CRITICAL
Network
|
deep-defaults_project
|
deep-defaults
|
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25944
|
2024-11-21 14:55 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197220
|
5.4 |
MEDIUM
Network
|
opennms
|
meridian
horizon
|
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25935
|
2024-11-21 14:55 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
