938 matches found
CVE-2023-6506
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...
CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...
CVE-2022-28601
A Two-Factor Authentication 2FA bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism...
CVE-2022-44595
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0...
CVE-2022-44587
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...
CVE-2022-2891
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...
CVE-2021-30120
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...
CVE-2021-3138
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms...
CVE-2024-12093 Improper Validation of Consistency within Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...
CVE-2019-17120
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter...
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as 1 create or delete admin users; 2 create or delete groups; or 3 create, delete, enable, or disable normal users or devices...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
CVE-2019-17116
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
PT-2025-22486 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.1 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE, where improper XPath validation allows a modified SAML...
CVE-2025-3625
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...
Joomla 4.0.x < 4.4.13 / 5.0.x < 5.2.6 Joomla 5.2.6 Security Release (5925-joomla-5-2-6-security-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.13 or 5.0.x prior to 5.2.6. It is, therefore, affected by a vulnerability. - Insufficient state checks lead to a vector that allows to bypass 2FA checks. CVE-2025-25227 Note that...
CVE-2021-41527 2FA bypass on the RISC Platform
An error related to the 2-factor authorization 2FA on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed...
CVE-2021-41527 2FA bypass on the RISC Platform
An error related to the 2-factor authorization 2FA on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed...