140 matches found
EUVD-2021-26485
Malware in sbrugna...
EUVD-2020-21517
Malware in sbrugna...
EUVD-2019-0155
Malware in sbrugna...
EUVD-2024-36571
Malicious code in bioql PyPI...
EUVD-2023-46382
Malicious code in bioql PyPI...
EUVD-2022-34575
Malicious code in bioql PyPI...
EUVD-2024-29047
Malicious code in bioql PyPI...
CVE-2025-53545 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...
CVE-2025-53545 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...
About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)
About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...
CVE-2024-48941
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...
CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...
CVE-2021-30120
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...
CVE-2021-3138
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms...
CVE-2024-12093 Improper Validation of Consistency within Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...
Joomla 4.0.x < 4.4.13 / 5.0.x < 5.2.6 Joomla 5.2.6 Security Release (5925-joomla-5-2-6-security-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.13 or 5.0.x prior to 5.2.6. It is, therefore, affected by a vulnerability. - Insufficient state checks lead to a vector that allows to bypass 2FA checks. CVE-2025-25227 Note that...
CVE-2021-41527 2FA bypass on the RISC Platform
An error related to the 2-factor authorization 2FA on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed...
CVE-2024-50356 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...
CVE-2024-50356 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...
CVE-2024-50356
CVE-2024-50356 affects Press, a Frappe custom app (used with Frappe Cloud) that manages infrastructure, subscriptions and SaaS. The issue allows password resets by anyone with access to a user’s email inbox, circumventing 2FA, though logging in remains blocked for users who have 2FA enabled. A pa...