127 matches found
Oracle Linux 8 : nodejs:22 (ELSA-2026-2421)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2421 advisory. nodejs 1:22.22.0-1 - Update to 22.22.0 Resolves: RHEL-118152 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991...
AlmaLinux 8 : nodejs:22 (ALSA-2026:2421)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2421 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-5946...
RockyLinux 8 : nodejs:22 (RLSA-2026:2421)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2421 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-594...
CVE-2021-2421
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Integration and Interfaces. Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2025-2421
Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...
CVE-2025-2421
creationtimestamp| type| source
---|---|---
2025-05-02 12:15:26+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14470
2025-05-02 14:30:45+00:00| seen| Telegram/gpPWfjLuV20S4nQMGoLdmx6S8j9EZS2EZ0Gv11uVGyL8
2025-05-02 14:38:25+00:00| seen|...
CVE-2025-2421
Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...
CVE-2023-2421
creationtimestamp| type| source
---|---|---
2025-01-14 17:21:54+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1543...
CVE-2022-2421
creationtimestamp| type| source
---|---|---
2025-01-09 08:14:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/908...
CVE-2024-2421
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...
CVE-2024-2421
LenelS2 NetBox
LenelS2 NetBox
1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: LenelS2. Equipment: NetBox. Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could...
Amazon Linux 2 : qt5-qtbase (ALAS-2024-2421)
The version of qt5-qtbase installed on the remote host is prior to 5.9.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2421 advisory. An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, a...
CVE-2023-2421 Control iD RHiD department cross site scripting
A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2//add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier...
CVE-2023-2421
CVE-2023-2421 affects Control iD RHiD 23.3.19.0. The vulnerability is a cross-site scripting issue in an unknown function of the file "/v2/#/add/department" where manipulation of the Name argument leads to XSS. It can be exploited remotely. Multiple sources (NVD, Red Hat, PRION, CVE lists) consis...
CVE-2023-2421 Control iD RHiD department cross site scripting
A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2//add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to CVE-2022-2421
Summary: Socket.io.js is used by IBM App Connect Enterprise Certified Container for updating the DesignerAuthoring web console. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to addre...
10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7956 more potentially affected by CVE-2022-2421 via socket.io-parser (>=2.2.2 <=3.3.0)
socket.io-parser NPM version =2.2.2, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =1.0.1, =2.16.1, =1.0.0-RC.1, =0.1.0, =1.0.1, =1.0.3 and more Source cves: CVE-2022-2421 Source advisory: OSV:GHSA-QM95-PGCG-QQFQ...
@asigna/stx-core-sdk (=0.0.1), @casper124578/use-socket.io (>=2.1.0 <=4.1.0) +133 more potentially affected by CVE-2022-2421 via socket.io-parser (=4.1.2)
socket.io-parser NPM version =4.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @asigna/stx-core-sdk =0.0.1 - @casper124578/use-socket.io =2.1.0, =31.0.0, =34.0.0, =34.0.0, =1.0.0, =1.0.0, =1.0.1, =0.6.0,...
@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2022-2421 via socket.io-parser (=3.4.1)
socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2022-2421 Source...