CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

334 matches found

VulnCheck KEV•added 2021/06/29 12:0 a.m.•0 views

VulnCheck KEV: CVE-2021-35941

Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...

10CVSS7.2AI score0.07875EPSS

Exploits1References1

Github Security Blog•added 2021/06/28 6:20 p.m.•40 views

Internal hidden fields are visible on to many associations in admin api

Impact The admin api has exposed some internal hidden fields when an association has been loaded with a to many reference Patches We recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview...

2.6AI score

Exploits0References2Affected Software2

OSV•added 2021/06/28 6:20 p.m.•11 views

GHSA-GPMH-G94G-QRHR Internal hidden fields are visible on to many associations in admin api

4.9CVSS5AI score0.00308EPSS

Exploits0References1

NVD•added 2021/06/24 9:15 p.m.•9 views

CVE-2021-32716

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the...

4.9CVSS0.00308EPSS

Exploits0References3

OSV•added 2021/06/24 9:15 p.m.•7 views

CVE-2021-32716

4.9CVSS6.8AI score

Exploits0References3

Prion•added 2021/06/24 9:15 p.m.•6 views

Code injection

4CVSS5AI score0.00308EPSS

Exploits0References3Affected Software1

Cvelist•added 2021/06/24 9:5 p.m.•9 views

CVE-2021-32716 Internal hidden fields are visible on to many associations in admin api

4.4CVSS5.4AI score0.00308EPSS

Exploits0References3

CVE•added 2021/05/20 3:25 p.m.•61 views

CVE-2020-35580

Summary: CVE-2020-35580 is a local file inclusion vulnerability in the SearchBlox FileServlet (versions before 9.2.2). The issue allows remote, unauthenticated attackers to read arbitrary files from the OS (via /searchblox/servlet/FileServlet?col=url=) and may expose the SearchBlox configuration ...

7.5CVSS7.3AI score0.83418EPSS

In wildExploits1References2Affected Software1

NVD•added 2021/02/26 5:15 p.m.•15 views

CVE-2021-21297

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default...

7.7CVSS0.0023EPSS

Exploits0References4

OSV•added 2021/02/26 5:15 p.m.•12 views

CVE-2021-21297

6.5CVSS6.4AI score

Exploits0References4

Github Security Blog•added 2021/02/26 4:31 p.m.•26 views

Prototype Pollution in Node-Red

Impact Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. Patches The vulnerability is patched in the...

7.7CVSS1.6AI score0.0023EPSS

Exploits0References6Affected Software1

OSV•added 2021/02/26 4:31 p.m.•1 views

GHSA-XP9C-82X8-7F67 Prototype Pollution in Node-Red

7.7CVSS5.9AI score0.0023EPSS

Exploits0References6

Node.js•added 2021/02/26 4:26 p.m.•41 views

Prototype Pollution

Overview Impact Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. Workarounds A workaround is to...

4CVSS3.3AI score0.0023EPSS

Exploits0Affected Software1

Cvelist•added 2021/02/26 4:20 p.m.•15 views

CVE-2021-21297 Prototype Pollution in Node-Red

7.7CVSS7.7AI score0.0023EPSS

Exploits0References4

CVE•added 2021/02/26 4:20 p.m.•59 views

CVE-2021-21297

Node-RED CVE-2021-21297 affects Node-RED 1.2.7 and earlier, with a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object, potentially altering Node-RED runtime behavior. The issue is fixed in version 1.2.8; a practical...

7.7CVSS6.5AI score0.0023EPSS

Exploits0References4Affected Software1

CNNVD•added 2021/02/26 12:0 a.m.•3 views

Node-Red Security Vulnerabilities

Node-Red is an open source stream-based visual programming development tool for connecting hardware devices, APIs and online services together as part of the Internet of Things. Node-Red has a security vulnerability that stems from the admin API containing a Prototype Pollution vulnerability. An...

7.7CVSS6.8AI score0.0023EPSS

Exploits0References5

OSV•added 2020/12/07 8:15 p.m.•20 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

6.5CVSS6.7AI score

Exploits0References2

NVD•added 2020/12/07 8:15 p.m.•19 views

CVE-2020-13945

6.5CVSS6.4AI score0.93434EPSS

Exploits5References2

Prion•added 2020/12/07 8:15 p.m.•14 views

Design/Logic Flaw

4CVSS6.6AI score0.93434EPSS

Exploits5References2Affected Software1

Cvelist•added 2020/12/07 7:4 p.m.•20 views

CVE-2020-13945