Skip to main content
CVE-2021-23417 CRITICAL POC Act Now

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deepmergefn
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-23415 HIGH POC PATCH This Week

This affects the package elFinder.AspNet before 1.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Elfinder Aspnet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32000 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1;. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Enterprise Server Opensuse Factory
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-23416 MEDIUM POC This Month

This affects all versions of package curly-bracket-parser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Curly Bracket Parser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23414 MEDIUM POC PATCH This Month

This affects the package video.js before 7.14.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Video Js Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.6%
CVE-2021-32001 MEDIUM This Month

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rancher K3S Rancher Rke2
NVD
CVSS 3.1
6.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy