Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2021-21879: TALOS-2021-1323 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE
#vulnerability#web#windows#apple#cisco
CVE-2021-43847: Authorization Bypass Through User-Controlled Key in humhub

HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.

CVE-2021-44937: glFusion CMS 1.7.9 Arbitrary user registration vulnerability · Issue #485 · glFusion/glfusion

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.

CVE-2020-19042: CVE/XSS.md at master · zzb1999/CVE

Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.

CVE-2021-31747: Pluck 4.7.15 - Missing SSL Certificate Validation in update_applet.php · Issue #101 · pluck-cms/pluck

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

CVE-2021-37934: CVE-2021-37934

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.