|
195721
|
9.8 |
CRITICAL
Network
|
nestie_project
|
nestie
|
Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25947
|
2024-11-21 14:55 |
2021-06-4 |
|
195722
|
6.5 |
MEDIUM
Adjacent
|
fortinet
|
fortiswitch
|
A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exha…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2021-26111
|
2024-11-21 14:55 |
2021-06-2 |
|
195723
|
6.1 |
MEDIUM
Network
|
apache
|
dubbo
|
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
|
CWE-601 CWE-918
Open Redirect Server-Side Request Forgery (SSRF)
|
CVE-2021-25640
|
2024-11-21 14:55 |
2021-06-1 |
|
195724
|
9.8 |
CRITICAL
Network
|
apache
|
dubbo
|
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which seri…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-25641
|
2024-11-21 14:55 |
2021-06-1 |
|
195725
|
5.4 |
MEDIUM
Network
|
opennms
|
meridian opennms
|
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25932
|
2024-11-21 14:55 |
2021-06-1 |
|
195726
|
4.9 |
MEDIUM
Network
|
couchbase
|
couchbase_server
|
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cl…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-25643
|
2024-11-21 14:55 |
2021-05-27 |
|
195727
|
9.8 |
CRITICAL
Network
|
js-extend_project
|
js-extend
|
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25945
|
2024-11-21 14:55 |
2021-05-27 |
|
195728
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
|
CWE-352
Origin Validation Error
|
CVE-2021-26034
|
2024-11-21 14:55 |
2021-05-26 |
|
195729
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
|
CWE-352
Origin Validation Error
|
CVE-2021-26033
|
2024-11-21 14:55 |
2021-05-26 |
|
195730
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26032
|
2024-11-21 14:55 |
2021-05-26 |