Lucene search
K

938 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 6:53 a.m.7 views

CVE-2024-32568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through = 2.6.2...

7.1CVSS5.9AI score0.00409EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/31 12:0 a.m.3 views

Fedora 41 : lemonldap-ng (2025-3aa9a75a72)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3aa9a75a72 advisory. - SecurityCVE-2024-52948 CSRF on 2FA registration - Security Open redirect vulnerability in logout Tenable has extracted the preceding description block...

5.5AI score
Exploits0References2
The Hacker News
The Hacker News
added 2025/01/17 10:7 a.m.8 views

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Cybersecurity researchers have detailed a new adversary-in-the-middle AitM phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication 2FA codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/23 11:21 a.m.7 views

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

An interruption to the phishing-as-a-service PhaaS toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the Rockstar2FA group running the service experienced at least a partial collapse of its infrastructure, with page...

7.2AI score
Exploits0
HackRead
HackRead
added 2024/11/22 11:45 a.m.8 views

Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto

Malware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…...

7.2AI score
Exploits0
NVD
NVD
added 2024/11/14 2:15 p.m.11 views

CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

9.8CVSS0.00603EPSS
Exploits1References4
OSV
OSV
added 2024/11/14 2:15 p.m.5 views

CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

9.8CVSS6.7AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/14 1:31 p.m.10 views

CVE-2024-11209 Apereo CAS 2FA login improper authentication

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

6.5CVSS6.4AI score0.00603EPSS
Exploits1References4
NVD
NVD
added 2024/11/12 10:15 a.m.24 views

CVE-2024-10245

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rldoajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...

9.8CVSS0.01162EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/12 9:30 a.m.16 views

CVE-2024-10245 Relais 2FA <= 1.0 - Authentication Bypass

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rldoajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...

9.8CVSS9.6AI score0.01162EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/12 9:30 a.m.32 views

CVE-2024-10245 Relais 2FA <= 1.0 - Authentication Bypass

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rldoajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...

9.8CVSS0.01162EPSS
Exploits1References2
CVE
CVE
added 2024/11/12 9:30 a.m.72 views

CVE-2024-10245

CVE-2024-10245 (Relais 2FA for WordPress) : The Relais 2FA plugin contains an authentication bypass in versions

9.8CVSS9.6AI score0.01162EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.18 views

WordPress Relais 2FA Plugin <= 1.0 is vulnerable to Broken Authentication

Software Relais 2FA Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 461a7cd31084 Credits István Márton...

9.8CVSS6.8AI score0.01162EPSS
Exploits1References2Affected Software1
Krebs on Security
Krebs on Security
added 2024/11/01 9:12 p.m.15 views

Booking.com Phishers May Leave You With Reservations

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aim...

7.2AI score
Exploits0
NVD
NVD
added 2024/10/31 6:15 p.m.25 views

CVE-2024-50356

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...

0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/31 6:2 p.m.30 views

CVE-2024-50356 Press has a potential 2FA bypass

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...

0.00361EPSS
Exploits0References2
CVE
CVE
added 2024/10/31 6:2 p.m.51 views

CVE-2024-50356

CVE-2024-50356 affects Press, a Frappe custom app (used with Frappe Cloud) that manages infrastructure, subscriptions and SaaS. The issue allows password resets by anyone with access to a user’s email inbox, circumventing 2FA, though logging in remains blocked for users who have 2FA enabled. A pa...

3.9AI score0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/31 6:2 p.m.22 views

CVE-2024-50356 Press has a potential 2FA bypass

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...

6.9AI score0.00361EPSS
Exploits0References2
NVD
NVD
added 2024/10/24 10:15 p.m.41 views

CVE-2024-49762

Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...

4.6CVSS0.0014EPSS
Exploits0References3
OSV
OSV
added 2024/10/24 9:39 p.m.19 views

CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...

4.6CVSS6.8AI score0.0014EPSS
Exploits0References5
Rows per page
Query Builder