|
200531
|
8.3 |
HIGH
Network
|
mechanize_project
fedoraproject
debian
|
mechanize
fedora
debian_linux
|
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versi…
|
CWE-78
OS Command
|
CVE-2021-21289
|
2024-11-21 14:47 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200532
|
6.8 |
MEDIUM
Adjacent
|
docker
debian
netapp
|
docker
debian_linux
e-series_santricity_os_controller
|
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns…
|
CWE-22
Path Traversal
|
CVE-2021-21284
|
2024-11-21 14:47 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200533
|
7.7 |
HIGH
Network
|
minio
|
minio
|
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target ap…
|
-
|
CVE-2021-21287
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200534
|
8.8 |
HIGH
Network
|
wwbn
|
avideo
|
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables…
|
-
|
CVE-2021-21286
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200535
|
8.8 |
HIGH
Network
|
peerigon
|
angular-expressions
|
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code…
|
CWE-94
Code Injection
|
CVE-2021-21277
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200536
|
9.3 |
CRITICAL
Network
|
polrproject
|
polr
|
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existi…
|
-
|
CVE-2021-21276
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200537
|
5.0 |
MEDIUM
Network
|
openhab
|
openhab
|
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the sam…
|
-
|
CVE-2021-21266
|
2024-11-21 14:47 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200538
|
6.5 |
MEDIUM
Network
|
ckeditor
|
ckeditor5
|
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of serv…
|
-
|
CVE-2021-21254
|
2024-11-21 14:47 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200539
|
9.8 |
CRITICAL
Network
|
rsshub
|
rsshub
|
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Func…
|
-
|
CVE-2021-21278
|
2024-11-21 14:47 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200540
|
5.4 |
MEDIUM
Network
|
flarum
|
sticky
|
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14…
|
-
|
CVE-2021-21283
|
2024-11-21 14:47 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
