|
194711
|
8.0 |
HIGH
Network
|
arangodb
|
arangodb
|
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malici…
|
CWE-613
Insufficient Session Expiration
|
CVE-2021-25940
|
2024-11-21 14:55 |
2021-11-16 |
|
194712
|
8.1 |
HIGH
Network
|
dotnetfoundation
|
piranha_cms
|
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting…
|
CWE-352
Origin Validation Error
|
CVE-2021-25976
|
2024-11-21 14:55 |
2021-11-16 |
|
194713
|
8.8 |
HIGH
Network
|
talkyard
|
talkyard
|
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, …
|
CWE-74
Injection
|
CVE-2021-25980
|
2024-11-21 14:55 |
2021-11-11 |
|
194714
|
5.4 |
MEDIUM
Network
|
publify_project
|
publify
|
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uplo…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25975
|
2024-11-21 14:55 |
2021-11-10 |
|
194715
|
5.4 |
MEDIUM
Network
|
publify_project
|
publify
|
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25974
|
2024-11-21 14:55 |
2021-11-10 |
|
194716
|
9.8 |
CRITICAL
Network
|
apostrophecms
|
apostrophecms
|
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third…
|
-
|
CVE-2021-25979
|
2024-11-21 14:55 |
2021-11-9 |
|
194717
|
5.4 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once vie…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25978
|
2024-11-21 14:55 |
2021-11-8 |
|
194718
|
7.1 |
HIGH
Local
|
samsung
|
samsung_flow
|
A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary files in the Windows known folders.
|
CWE-20
Improper Input Validation
|
CVE-2021-25509
|
2024-11-21 14:55 |
2021-11-5 |
|
194719
|
9.8 |
CRITICAL
Network
|
samsung
|
smartthings
|
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
|
CWE-269
Improper Privilege Management
|
CVE-2021-25508
|
2024-11-21 14:55 |
2021-11-5 |
|
194720
|
5.7 |
MEDIUM
Adjacent
|
samsung
|
samsung_flow
|
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure F…
|
NVD-CWE-Other
|
CVE-2021-25507
|
2024-11-21 14:55 |
2021-11-5 |
|