938 matches found
CVE-2024-32568
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through = 2.6.2...
Fedora 41 : lemonldap-ng (2025-3aa9a75a72)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3aa9a75a72 advisory. - SecurityCVE-2024-52948 CSRF on 2FA registration - Security Open redirect vulnerability in logout Tenable has extracted the preceding description block...
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Cybersecurity researchers have detailed a new adversary-in-the-middle AitM phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication 2FA codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French...
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
An interruption to the phishing-as-a-service PhaaS toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the Rockstar2FA group running the service experienced at least a partial collapse of its infrastructure, with page...
Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto
Malware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…...
CVE-2024-11209
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-11209
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-11209 Apereo CAS 2FA login improper authentication
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-10245
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rldoajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
CVE-2024-10245 Relais 2FA <= 1.0 - Authentication Bypass
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rldoajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
CVE-2024-10245 Relais 2FA <= 1.0 - Authentication Bypass
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rldoajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
CVE-2024-10245
CVE-2024-10245 (Relais 2FA for WordPress) : The Relais 2FA plugin contains an authentication bypass in versions
WordPress Relais 2FA Plugin <= 1.0 is vulnerable to Broken Authentication
Software Relais 2FA Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 461a7cd31084 Credits István Márton...
Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aim...
CVE-2024-50356
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...
CVE-2024-50356 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...
CVE-2024-50356
CVE-2024-50356 affects Press, a Frappe custom app (used with Frappe Cloud) that manages infrastructure, subscriptions and SaaS. The issue allows password resets by anyone with access to a user’s email inbox, circumventing 2FA, though logging in remains blocked for users who have 2FA enabled. A pa...
CVE-2024-50356 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...
CVE-2024-49762
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...
CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...