• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-287

CVE-2021-45914

February 23, 2023 by

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator.

CVE-2021-45915

February 23, 2023 by

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator.

CVE-2021-45917

February 23, 2023 by

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

CVE-2021-45786

February 23, 2023 by

In maccms v10, an attacker can log in through /index.php/user/login in the “col” and “openid” parameters to gain privileges.

CVE-2021-45331

February 23, 2023 by

An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.

CVE-2021-45347

February 23, 2023 by

An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 174
  • Go to page 175
  • Go to page 176
  • Go to page 177
  • Go to page 178
  • Interim pages omitted …
  • Go to page 289
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE