Lucene search
K

938 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.8 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS6.9AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.11 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

5.4CVSS7AI score0.01988EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.10 views

CVE-2022-28601

A Two-Factor Authentication 2FA bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism...

6.5CVSS7.1AI score0.01683EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:59 a.m.7 views

CVE-2022-44595

Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0...

5.3CVSS5.2AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.19 views

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

7.5CVSS6.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.13 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9CVSS6.6AI score0.00747EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:38 p.m.9 views

CVE-2021-30120

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...

9.9CVSS7.1AI score0.05701EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:32 p.m.10 views

CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms...

7.5CVSS6.8AI score0.03073EPSS
Exploits4References1
OSV
OSV
added 2025/05/22 2:32 p.m.8 views

CVE-2024-12093 Improper Validation of Consistency within Input in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

6.8CVSS6.5AI score0.00414EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.7 views

CVE-2019-17120

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...

6.1CVSS5.5AI score0.49955EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.7 views

CVE-2019-17117

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...

8.8CVSS8.3AI score0.01749EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.7 views

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...

8.8CVSS6.8AI score0.00937EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.7 views

CVE-2019-17114

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

6.1CVSS5.5AI score0.01659EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.10 views

CVE-2019-17116

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...

6.1CVSS5.5AI score0.01659EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:38 a.m.7 views

CVE-2019-17119

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

8.8CVSS8.5AI score0.01749EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.4 views

PT-2025-22486 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.1 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE, where improper XPath validation allows a modified SAML...

6.8CVSS6AI score0.00414EPSS
Exploits1References9
OSV
OSV
added 2025/04/25 3:15 p.m.6 views

CVE-2025-3625

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...

7.1CVSS7.2AI score0.00356EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/08 12:0 a.m.12 views

Joomla 4.0.x < 4.4.13 / 5.0.x < 5.2.6 Joomla 5.2.6 Security Release (5925-joomla-5-2-6-security-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.13 or 5.0.x prior to 5.2.6. It is, therefore, affected by a vulnerability. - Insufficient state checks lead to a vector that allows to bypass 2FA checks. CVE-2025-25227 Note that...

7.5CVSS5.6AI score0.00378EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/07 7:44 p.m.4 views

CVE-2021-41527 2FA bypass on the RISC Platform

An error related to the 2-factor authorization 2FA on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed...

2.3CVSS6.5AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/07 7:44 p.m.12 views

CVE-2021-41527 2FA bypass on the RISC Platform

An error related to the 2-factor authorization 2FA on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed...

2.3CVSS0.00371EPSS
Exploits0References2
Rows per page
Query Builder