Security Vulnerabilities - CVEs Published In 2021
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS Score
9.0
EPSS Score
0.008
Published
2021-11-13
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVSS Score
9.8
EPSS Score
0.919
Published
2021-11-13
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
5.4
EPSS Score
0.001
Published
2021-11-13
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2021-11-13
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2021-11-13
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
CVSS Score
7.6
EPSS Score
0.003
Published
2021-11-13
twill is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
6.3
EPSS Score
0.001
Published
2021-11-13
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
3.9
EPSS Score
0.002
Published
2021-11-13
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
8.8
EPSS Score
0.004
Published
2021-11-13
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Score
9.8
EPSS Score
0.012
Published
2021-11-13



Shodan ® - All rights reserved