
Tag

#apple

CVE-2021-43628: SQL Injection vulnerability via the "email" parameter in hms-staff.php · Issue #2 · projectworldsofficial/hospital-management-system-in-php

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.

CVE-2021-43847: Authorization Bypass Through User-Controlled Key in humhub

HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.

CVE-2021-44937: glFusion CMS 1.7.9 Arbitrary user registration vulnerability · Issue #485 · glFusion/glfusion

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user; when that user later tries to register, they find that the mailbox is already taken.

CVE-2020-19042: CVE/XSS.md at master · zzb1999/CVE

A cross-site scripting (XSS) vulnerability exists in zzcms 2019 via a modify action in user/adv.php.

CVE-2021-31747: Pluck 4.7.15 - Missing SSL Certificate Validation in update_applet.php · Issue #101 · pluck-cms/pluck

A missing SSL certificate validation issue exists in update_applet.php in Pluck 4.7.15, which could lead to man-in-the-middle attacks.

CVE-2021-37934: CVE-2021-37934

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.