Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-2368

Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20.

CVE
Open in Source
#web#git

Related news

GHSA-9wqr-9787-p4rf: Bypass IP detection to brute-force password in Microweber

In the login API, an IP address will by default be blocked when the user tries to login incorrectly more than 5 times. However, a bypass to this mechanism is possible by abusing a X-Forwarded-For header to bypass IP detection and perform a password brute-force. A patch for this issue is available on the `1.2-dev` branch of the Microweber GitHub repository.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE