|
194671
|
9.8 |
CRITICAL
Network
|
talkyard
|
talkyard
|
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the …
|
CWE-613
Insufficient Session Expiration
|
CVE-2021-25981
|
2024-11-21 14:55 |
2022-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194672
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while u…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25993
|
2024-11-21 14:55 |
2021-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194673
|
7.3 |
HIGH
Network
|
if-me
|
ifme
|
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete …
|
NVD-CWE-Other
|
CVE-2021-25991
|
2024-11-21 14:55 |
2021-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194674
|
5.4 |
MEDIUM
Network
|
if-me
|
ifme
|
In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25990
|
2024-11-21 14:55 |
2021-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194675
|
5.4 |
MEDIUM
Network
|
if-me
|
ifme
|
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for …
|
CWE-79
Cross-site Scripting
|
CVE-2021-25989
|
2024-11-21 14:55 |
2021-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194676
|
5.4 |
MEDIUM
Network
|
if-me
|
ifme
|
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25988
|
2024-11-21 14:55 |
2021-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194677
|
3.3 |
LOW
Local
|
samsung
|
pay
|
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
|
NVD-CWE-Other
|
CVE-2021-25527
|
2024-11-21 14:55 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194678
|
5.5 |
MEDIUM
Local
|
samsung
|
blockchain_wallet
|
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
|
NVD-CWE-Other
|
CVE-2021-25526
|
2024-11-21 14:55 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194679
|
6.5 |
MEDIUM
Adjacent
|
samsung
|
pay
|
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2021-25525
|
2024-11-21 14:55 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194680
|
3.3 |
LOW
Local
|
samsung
|
contacts
|
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2021-25524
|
2024-11-21 14:55 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
