Export limit exceeded: 366632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23376 | 1 Ffmpegdotjs Project | 1 Ffmpegdotjs | 2024-11-21 | 9.8 Critical |
| This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23375 | 1 Psnode Project | 1 Psnode | 2024-11-21 | 7.3 High |
| This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23374 | 1 Ps-visitor Project | 1 Ps-visitor | 2024-11-21 | 7.3 High |
| This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23373 | 1 Set-deep-prop Project | 1 Set-deep-prop | 2024-11-21 | 7.5 High |
| All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality. | ||||
| CVE-2021-23372 | 1 Mongo-express Project | 1 Mongo-express | 2024-11-21 | 4.4 Medium |
| All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. | ||||
| CVE-2021-23371 | 1 Chrono-node Project | 1 Chrono-node | 2024-11-21 | 7.5 High |
| This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. | ||||
| CVE-2021-23370 | 1 Swiperjs | 1 Swiper | 2024-11-21 | 7.5 High |
| This affects the package swiper before 6.5.1. | ||||
| CVE-2021-23369 | 2 Handlebarsjs, Redhat | 5 Handlebars, Acm, Jboss Enterprise Bpms Platform and 2 more | 2024-11-21 | 5.6 Medium |
| The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
| CVE-2021-23368 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
| The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | ||||
| CVE-2021-23365 | 1 Tyk | 1 Tyk-identity-broker | 2024-11-21 | 4.8 Medium |
| The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data). | ||||
| CVE-2021-23364 | 2 Browserslist Project, Redhat | 3 Browserslist, Acm, Quay | 2024-11-21 | 5.3 Medium |
| The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | ||||
| CVE-2021-23363 | 1 Kill-by-port Project | 1 Kill-by-port | 2024-11-21 | 6.3 Medium |
| This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2021-23362 | 3 Npmjs, Redhat, Siemens | 7 Hosted-git-info, Acm, Enterprise Linux and 4 more | 2024-11-21 | 5.3 Medium |
| The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | ||||
| CVE-2021-23360 | 1 Killport Project | 1 Killport | 2024-11-21 | 7.5 High |
| This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | ||||
| CVE-2021-23359 | 1 Port-killer Project | 1 Port-killer | 2024-11-21 | 7.5 High |
| This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | ||||
| CVE-2021-23357 | 1 Tyk | 1 Tyk | 2024-11-21 | 3.3 Low |
| All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request. | ||||
| CVE-2021-23356 | 1 Kill-process-by-name Project | 1 Kill-process-by-name | 2024-11-21 | 5.6 Medium |
| This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. | ||||
| CVE-2021-23355 | 1 Ps-kill Project | 1 Ps-kill | 2024-11-21 | 5.6 Medium |
| This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){}); | ||||
| CVE-2021-23354 | 1 Adaltas | 1 Printf | 2024-11-21 | 5.3 Medium |
| The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | ||||
| CVE-2021-23353 | 1 Parall | 1 Jspdf | 2024-11-21 | 5.9 Medium |
| This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. | ||||