Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.
NVD-CWE-Other
CVE-2021-20087
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
CVE-2021-20088
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
CVE-2021-20089
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.
CVE-2021-20050
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.