|
196551
|
9.8 |
CRITICAL
Network
|
appwrite
litespeed.js_project
|
appwrite
litespeed.js
|
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23682
|
2024-11-21 14:51 |
2022-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196552
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of ar…
|
NVD-CWE-noinfo
|
CVE-2021-23555
|
2024-11-21 14:51 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196553
|
7.5 |
HIGH
Network
|
fastify
|
fastify-multipart
|
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://s…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23597
|
2024-11-21 14:51 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196554
|
7.8 |
HIGH
Local
|
intel
|
advisor
|
Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
NVD-CWE-Other
|
CVE-2021-23152
|
2024-11-21 14:51 |
2022-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196555
|
8.8 |
HIGH
Network
|
concretecms
|
concrete_cms
|
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.
|
CWE-352
Origin Validation Error
|
CVE-2021-22954
|
2024-11-21 14:51 |
2022-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196556
|
9.8 |
CRITICAL
Network
|
skratchdot
|
object-path-set
|
The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives …
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23507
|
2024-11-21 14:51 |
2022-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196557
|
9.8 |
CRITICAL
Network
|
set_project
|
set
|
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomple…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23497
|
2024-11-21 14:51 |
2022-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196558
|
9.8 |
CRITICAL
Network
|
putil-merge_project
|
putil-merge
|
This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include …
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23470
|
2024-11-21 14:51 |
2022-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196559
|
7.8 |
HIGH
Local
|
juce
|
juce
|
This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic l…
|
CWE-59
Link Following
|
CVE-2021-23521
|
2024-11-21 14:51 |
2022-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196560
|
9.8 |
CRITICAL
Network
|
juce
|
juce
|
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability…
|
CWE-22
Path Traversal
|
CVE-2021-23520
|
2024-11-21 14:51 |
2022-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
