CVE-2021-43509
https://notcve.org/view.php?id=CVE-2021-43509
SQL injection vulnerability in Sourcecodester Simple Client Management System 1.0 via the id parameter of view-service.php: the parameter value reaches an SQL query without neutralization. • https://github.com/r4hn1/Simple-Client-Management-System-Exploit/blob/main/CVE-2021-43509 https://r4hn1.medium.com/journey-to-first-two-cve-by-rahul-kalnarayan-307e2e87ee26 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
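An added example for this entry, written by the editor and not taken from Simple Client Management System (whose view-service.php is PHP): an access-log check that flags non-integer values sent to the id parameter of view-service.php, and the validate-then-bind pattern that removes the injection. The log lines are constructed, the table name `services` and the `{sql, params}` shape (mysql2/pg style `query(sql, params)`) are assumptions.

```javascript
// Added example, not code from Simple Client Management System.
// Constructed access-log lines in combined log format (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 - - [12/Nov/2021:10:01:02 +0000] "GET /view-service.php?id=7 HTTP/1.1" 200 512',
  '10.0.0.9 - - [12/Nov/2021:10:01:09 +0000] "GET /view-service.php?id=7%27%20OR%201%3D1--%20- HTTP/1.1" 200 9131',
  '10.0.0.9 - - [12/Nov/2021:10:01:15 +0000] "GET /view-service.php?id=7+UNION+SELECT+1,2,3,4 HTTP/1.1" 500 0',
  '10.0.0.5 - - [12/Nov/2021:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
];

// A legitimate service id is a small positive integer; anything else sent in
// the id parameter of view-service.php is worth flagging.
const ID_OK = /^[1-9][0-9]{0,9}$/;
const REQUEST_RE = /"(?:GET|POST) (\/[^ "]*) HTTP\/[0-9.]+"/;

// Returns the decoded id parameter for requests to view-service.php, else null.
function extractIdParam(requestPath) {
  const url = new URL(requestPath, "http://placeholder.invalid");
  if (url.pathname !== "/view-service.php") return null;
  return url.searchParams.get("id"); // decodes %27, %20, '+' and friends
}

// Detection: every request whose id is not a plain integer.
function findSqliAttempts(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = REQUEST_RE.exec(line);
    if (!m) continue;
    const id = extractIdParam(m[1]);
    if (id !== null && !ID_OK.test(id)) {
      hits.push({ client: line.split(" ")[0], id });
    }
  }
  return hits;
}

// The fix: reject anything that is not an integer id, then bind the value
// through a placeholder so the driver never splices it into the SQL text.
// Table name and the {sql, params} shape are assumptions; executing against a
// database is outside this example.
function serviceQuery(rawId) {
  if (!ID_OK.test(String(rawId))) {
    throw new Error("invalid service id");
  }
  return { sql: "SELECT * FROM services WHERE id = ?", params: [Number(rawId)] };
}
```

`URLSearchParams` does the percent- and plus-decoding, so the check sees the payload the database would have seen; the PHP equivalent of `serviceQuery` is a `prepare()`/`bind_param()` pair with an `(int)` cast or `ctype_digit` check on `$_GET['id']` in front of it.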
CVE-2021-23444 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23444
This affects the package jointjs before 3.4.2. A type confusion vulnerability can bypass the fix for CVE-2020-28480 when the user-provided keys passed in the path parameter of the setByPath function are arrays rather than strings. • https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8 https://github.com/clientIO/joint/pull/1514 https://github.com/clientIO/joint/releases/tag/v3.4.2 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816 https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
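An added example by the editor, not jointjs code: a minimal setByPath of the kind this entry concerns, accepting either a delimited string ("a/b/c") or an array of keys (["a","b","c"]). The "weak" guard checks for "__proto__" only when the path is a string, so an array path never reaches it; that is the type confusion. The hardened version coerces every key to a string before checking it and never descends through inherited properties. Function names and the blocked-key list are the editor's choices.

```javascript
// Added example, not jointjs's implementation.
const BAD_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Shared walker. With ownOnly=false it follows inherited properties, which is
// how a key of "__proto__" lands the walk on Object.prototype.
function walkAndSet(obj, keys, value, ownOnly) {
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const present = ownOnly
      ? Object.prototype.hasOwnProperty.call(cur, k)
      : cur[k] !== undefined && cur[k] !== null;
    if (!present) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Weak: the guard only runs for string paths (the CVE-2020-28480 style fix);
// an array path with the same keys bypasses it.
function setByPathWeak(obj, path, value, delim = "/") {
  if (typeof path === "string" && path.split(delim).some((k) => BAD_KEYS.has(k))) {
    throw new Error("rejected key in path");
  }
  const keys = Array.isArray(path) ? path : path.split(delim);
  return walkAndSet(obj, keys, value, false);
}

// Hardened: normalize keys to strings first (a nested array key such as
// [["__proto__"]] stringifies to "__proto__" when used as a property name),
// reject the dangerous ones, and only walk own properties.
function setByPathSafe(obj, path, value, delim = "/") {
  const keys = (Array.isArray(path) ? path : path.split(delim)).map(String);
  if (keys.some((k) => BAD_KEYS.has(k))) throw new Error("rejected key in path");
  return walkAndSet(obj, keys, value, true);
}

// Runs the bypass and reports whether Object.prototype was polluted, then
// cleans up so the rest of the process is unaffected.
function demonstrate() {
  const result = {};
  try {
    setByPathWeak({}, ["__proto__", "polluted"], "yes");
    result.weakPolluted = ({}).polluted === "yes";
  } finally {
    delete Object.prototype.polluted;
  }
  result.stringGuarded = false;
  try { setByPathWeak({}, "__proto__/polluted", "yes"); } catch (e) { result.stringGuarded = true; }
  result.safeRejected = false;
  try { setByPathSafe({}, ["__proto__", "polluted"], "yes"); } catch (e) { result.safeRejected = true; }
  result.afterCleanup = ({}).polluted === undefined;
  return result;
}
```

The general lesson is that a guard must run on the value in the form the sink consumes: property access coerces whatever it is given to a string, so the check has to be applied to the coerced key, not to one of the input types that happens to be easy to inspect.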
CVE-2021-41317
https://notcve.org/view.php?id=CVE-2021-41317
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. • https://docs.google.com/document/d/12rq4YIFZLSmZlEsq7d7hYCI1qO5xyIxA1Wrs1m4y9-4/preview https://github.com/mandatoryprogrammer/xsshunter-express/commit/56bb44ed9024849f64173f71583ecb7d873baba0 https://vuln.ryotak.me/advisories/57 • CWE-287: Improper Authentication •
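An added, generic illustration of the CWE-287-on-paths class by the editor; it is not XSS Hunter Express's code and does not claim to reproduce its specific bug. The route names are made up. A middleware that enumerates the paths needing authentication is sidestepped by any spelling of the path the router still accepts (Express serves "/admin/" and "/admin" from one handler unless strict routing is on); the robust shape is deny-by-default with an allow-list of public paths matched against a normalized path.

```javascript
// Added example, not XSS Hunter Express's middleware. Route lists are hypothetical.
const PROTECTED = new Set(["/admin", "/api/v1/payloads"]);
const PUBLIC = new Set(["/", "/login", "/api/v1/login", "/healthz"]);

// Weak: exact-match against the list of paths that need a session.
function requiresAuthWeak(reqPath) {
  return PROTECTED.has(reqPath);
}

// Decode, drop the query string, collapse empty and "." segments, resolve "..".
// Returns null for undecodable input so the caller can fail closed.
function normalizePath(reqPath) {
  let p;
  try {
    p = decodeURIComponent(reqPath.split("?")[0]);
  } catch (e) {
    return null;
  }
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Robust: everything that is not explicitly public needs a session.
function requiresAuthSafe(reqPath) {
  const p = normalizePath(reqPath);
  if (p === null) return true;
  return !PUBLIC.has(p);
}
```

In an Express app this would be a single `app.use()` registered before every router, returning 401/403 when `requiresAuthSafe(req.path)` is true and no valid session is present; putting the check on individual routes is what leaves gaps.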
CVE-2021-21421 – ApiKey secret could be revealed on network issue
https://notcve.org/view.php?id=CVE-2021-21421
node-etsy-client is a Node.js Etsy REST API client. Applications that use node-etsy-client and report client errors to the end user expose the API key value in those errors as well. This is fixed in node-etsy-client v0.3.0 and later. • https://github.com/creharmony/node-etsy-client/commit/b4beb8ef080366c1a87dbf9e163051a446acaa7d https://github.com/creharmony/node-etsy-client/security/advisories/GHSA-xw22-wv29-3299 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
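An added example by the editor, not node-etsy-client code. It assumes, for illustration only, that the key travels as an `api_key` query parameter and that the client wraps transport errors in its own Error; the host name and key are constructed. The "leaky" wrapper puts the failed request's URL into the error it throws, so an application that surfaces that error to the end user surfaces the key; the hardened wrapper redacts known secrets before the message exists.

```javascript
// Added example, not node-etsy-client's implementation.
const API_KEY = "constructed-key-0123456789abcdef"; // constructed, not a real key

// Hypothetical host; the assumption is that the key rides in the query string.
function buildUrl(path, apiKey) {
  const u = new URL(path, "https://api.example.invalid/");
  u.searchParams.set("api_key", apiKey);
  return u.toString();
}

// Constructed transport failure standing in for a DNS or connection error.
function failingFetch(url) {
  throw new Error(`connect ECONNREFUSED while requesting ${url}`);
}

// Leaky: the thrown message carries the full URL, key included.
function leakyRequest(path, apiKey, fetchImpl) {
  const url = buildUrl(path, apiKey);
  try {
    return fetchImpl(url);
  } catch (e) {
    throw new Error(`etsy request failed: ${e.message}`);
  }
}

// Replace every known secret, then blank any api_key=... value regardless.
function redact(text, secrets) {
  let out = text;
  for (const s of secrets) {
    if (s) out = out.split(s).join("[REDACTED]");
  }
  return out.replace(/(api_key=)[^&\s"']+/gi, "$1[REDACTED]");
}

// Hardened: nothing reaches the Error object without passing through redact().
function safeRequest(path, apiKey, fetchImpl) {
  const url = buildUrl(path, apiKey);
  try {
    return fetchImpl(url);
  } catch (e) {
    const err = new Error(redact(`etsy request failed: ${e.message}`, [apiKey]));
    err.url = redact(url, [apiKey]); // safe to log and to show
    throw err;
  }
}

// Helper for the demonstration: the message a caller would see.
function messageFrom(fn) {
  try {
    fn();
    return "";
  } catch (e) {
    return e.message;
  }
}
```

Redacting at the point where the error is constructed, rather than at each place it is displayed, is what makes the property hold for every consumer, including log shippers and crash reporters that the application author never thought of as "the end user".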
CVE-2021-27185
https://notcve.org/view.php?id=CVE-2021-27185
The samba-client package before 4.0.0 for Node.js allows command injection because it builds a shell command string and runs it with exec (Node's child_process.exec). • https://advisory.checkmarx.net/advisory/CX-2021-4302 https://github.com/eflexsystems/node-samba-client/commit/5bc3bbad9b8d02243bc861a11ec73f788fbb1235 https://github.com/eflexsystems/node-samba-client/releases/tag/4.0.0 https://security.netapp.com/advisory/ntap-20210319-0002 https://www.npmjs.com/package/samba-client • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •