Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-23403
PUBLISHED: 2021-07-02
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to a lack of input validation.
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.
Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emiss…
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 22.214.171.124 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel’s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can e…