|
200401
|
6.5 |
MEDIUM
Network
|
keymaker_project
|
keymaker
|
Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method wi…
|
-
|
CVE-2021-21269
|
2024-11-21 14:47 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200402
|
9.8 |
CRITICAL
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untru…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21242
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200403
|
9.8 |
CRITICAL
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full deta…
|
CWE-94
Code Injection
|
CVE-2021-21244
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200404
|
9.8 |
CRITICAL
Network
|
onedev_project
|
onedev
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not e…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21243
|
2024-11-21 14:47 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200405
|
8.1 |
HIGH
Network
|
adobe
|
magento
|
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitati…
|
-
|
CVE-2021-21013
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200406
|
5.3 |
MEDIUM
Network
|
adobe
|
magento_open_source
magento_commerce
|
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation c…
|
-
|
CVE-2021-21012
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200407
|
7.0 |
HIGH
Local
|
adobe
|
captivate
|
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write t…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2021-21011
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200408
|
7.0 |
HIGH
Local
|
adobe
|
incopy
|
InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
|
-
|
CVE-2021-21010
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200409
|
8.6 |
HIGH
Network
|
adobe
|
campaign_classic
|
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side re…
|
-
|
CVE-2021-21009
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200410
|
7.0 |
HIGH
Local
|
adobe
|
animate
|
Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issu…
|
-
|
CVE-2021-21008
|
2024-11-21 14:47 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
