Check CVE Id
Check CWE Id
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
CVEMAP Search Results
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V18.104.22.168_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.
Back to Top