|
194921
|
8.8 |
HIGH
Network
|
atlassian
|
connect_spring_boot
|
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for buildi…
|
CWE-287
Improper Authentication
|
CVE-2021-26077
|
2024-11-21 14:55 |
2021-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194922
|
6.1 |
MEDIUM
Network
|
livinglogic
|
xist4c
|
LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26123
|
2024-11-21 14:55 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194923
|
6.1 |
MEDIUM
Network
|
livinglogic
|
xist4c
|
LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26122
|
2024-11-21 14:55 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194924
|
8.8 |
HIGH
Network
|
libreoffice
|
libreoffice
|
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist …
|
NVD-CWE-Other
|
CVE-2021-25631
|
2024-11-21 14:55 |
2021-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194925
|
9.8 |
CRITICAL
Network
|
chinamobile
|
an_lianbao_wf-1_firmware
|
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
|
CWE-77
Command Injection
|
CVE-2021-25812
|
2024-11-21 14:55 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194926
|
7.5 |
HIGH
Network
|
mercusys
|
mercury_x18g_firmware
|
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device …
|
NVD-CWE-noinfo
|
CVE-2021-25811
|
2024-11-21 14:55 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194927
|
6.1 |
MEDIUM
Network
|
mercusys
|
mercury_x18g_firmware
|
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25810
|
2024-11-21 14:55 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194928
|
9.8 |
CRITICAL
Network
|
minthcm
|
minthcm
|
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
|
CWE-521
Weak Password Requirements
|
CVE-2021-25839
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194929
|
6.1 |
MEDIUM
Network
|
minthcm
|
minthcm
|
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25838
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194930
|
9.8 |
CRITICAL
Network
|
manta
|
safe-obj
|
Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25928
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
