Search Results | AttackerKB

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Moderate

CVE-2015-9251

Disclosure Date: January 18, 2018 (last updated November 08, 2023)

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Attacker Value

Moderate

CVE-2024-21413

Disclosure Date: February 13, 2024 (last updated January 12, 2025)

Microsoft Outlook Remote Code Execution Vulnerability

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

High

CVE-2022-30174

Disclosure Date: June 15, 2022 (last updated November 29, 2024)

Microsoft Office Remote Code Execution Vulnerability

Attacker Value

Unknown

CVE-2023-21735

Disclosure Date: January 10, 2023 (last updated February 24, 2025)

Microsoft Office Remote Code Execution Vulnerability

Attack Vector: Local Privileges: None User Interaction: Required

Attacker Value

High

CVE-2021-40438

Disclosure Date: September 16, 2021 (last updated February 23, 2025)

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Attack Vector: Network Privileges: None User Interaction: None

3,333 Total Results

Displaying 1-10 of 3,333

Very High

Very High

High

Low

Low

Moderate

Moderate

High

Unknown

High

Quick Cookie Notification