Github Security Blog
added 2024/10/24 7:07 p.m.

Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Impact: When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones officially documented for use with Pterodactyl will log query...

CVSS 4.6, AI score 6.9, EPSS 0.0014
Exploits: 0, References: 5, Affected software: 1

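Added example (not Pterodactyl's code; the log lines, parameter names and the `/account/two-factor` path are constructed) showing the mechanism behind the entry above. TLS protects the URL in transit, but once the connection is terminated the web server writes the request line, query string included, to its access log, so a password carried as a query parameter on the DELETE request ends up on disk in clear text. The scanner below flags nginx-style combined log lines whose request target carries a sensitive parameter name, and the two request builders put the leaking shape beside the fix assumed here (credential in a POST body, which an access log never records; DELETE bodies are poorly supported, hence the method change).

```python
"""Added example: passwords in query strings land in web server access logs;
the same credential in a request body does not. All sample data is constructed."""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Parameter names that should never appear in a URL (assumption for this demo).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "secret", "api_key"}

# Constructed nginx-style 'combined' access log lines, not from any real server.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [24/Oct/2024:19:07:01 +0000] "DELETE /account/two-factor?password=Hunter2%21 HTTP/1.1" 204 0 "-" "Mozilla/5.0"
10.0.0.5 - - [24/Oct/2024:19:07:09 +0000] "GET /account/security HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [24/Oct/2024:19:08:22 +0000] "POST /account/two-factor/disable HTTP/1.1" 204 0 "-" "curl/8.4.0"
"""

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_leaked_params(log_text: str) -> List[Dict]:
    """One record per log line whose request target carries a sensitive query
    parameter. Values are deliberately not returned: the finding is that the
    secret was written to disk at all, not its content."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        query = parse_qs(url.query, keep_blank_values=True)
        leaked = sorted(k for k in query if k.lower() in SENSITIVE_PARAMS)
        if leaked:
            hits.append({"line": lineno, "method": m.group("method"),
                         "path": url.path, "params": leaked})
    return hits


def build_disable_2fa_request(password: str, *, in_query: bool) -> Dict:
    """Two ways to send the same 'confirm with current password' request.
    in_query=True reproduces the logging problem; in_query=False is the
    assumed fix: the credential travels in the body, which the access log
    does not record (DELETE bodies are unreliable, so the fix uses POST)."""
    path = "/account/two-factor"
    if in_query:
        return {"method": "DELETE",
                "target": f"{path}?{urlencode({'password': password})}",
                "headers": {}, "body": None}
    return {"method": "POST", "target": f"{path}/disable",
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode({"password": password})}


def logged_request_line(req: Dict) -> str:
    """What a 'combined' format access log keeps of a request: method and
    target only. Headers and body never reach the log."""
    return f'"{req["method"]} {req["target"]} HTTP/1.1"'


if __name__ == "__main__":
    for hit in find_leaked_params(SAMPLE_ACCESS_LOG):
        print(f"line {hit['line']}: {hit['method']} {hit['path']} leaks {hit['params']}")
    print("query  :", logged_request_line(build_disable_2fa_request("Hunter2!", in_query=True)))
    print("body   :", logged_request_line(build_disable_2fa_request("Hunter2!", in_query=False)))
```

Run against your own access logs, the scanner is a quick way to confirm whether a given application leaks credentials this way; if it does, rotating the affected passwords matters as much as upgrading, because the log retention window is now the exposure window.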
Malwarebytes
added 2024/10/15 2:04 p.m.

AI scammers target Gmail accounts, say they have your death certificate

Several reputable sources are warning about a very sophisticated Artificial Intelligence (AI) supported type of scam that is bound to trick a lot of people into compromising their Gmail account. The most recent warning comes from CEO of Y Combinator Garry Tan who posted on X, saying the scammers...

AI score 7.2
Exploits: 0

NVD
added 2024/10/15 2:15 a.m.

CVE-2024-9687

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 8.8, EPSS 0.00465
Exploits: 0, References: 2

CVE
added 2024/10/15 2:03 a.m.

CVE-2024-9820

CVE-2024-9820 affects the WP 2FA with Telegram WordPress plugin. Versions up to and including 3.0 store the two-factor code in a cookie, enabling an authentication bypass of two-factor authentication. The reported root cause is a cookie-based bypass vector; the issue affects the WP 2FA with...

CVSS 7.5, AI score 7, EPSS 0.00391
Exploits: 0, References: 2, Affected software: 1

CVE
added 2024/10/15 2:03 a.m.

CVE-2024-9687

The CVE-2024-9687 vulnerability affects WP 2FA with Telegram for WordPress in versions up to 3.0. Root cause: insufficient validation of the user-controlled key on the validate_tg action, enabling authentication bypass for authenticated users with subscriber-level permissions and above to log in ...

CVSS 8.8, AI score 8.6, EPSS 0.00465
Exploits: 0, References: 2, Affected software: 1

Cvelist
added 2024/10/15 2:03 a.m.

CVE-2024-9687 WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 8.8, EPSS 0.00465
Exploits: 0, References: 2

Patchstack
added 2024/10/15 12:00 a.m.

WordPress WP 2FA with Telegram Plugin <= 3.0 is vulnerable to Broken Authentication

Software: WP 2FA with Telegram. Type: Plugin. Vulnerable versions: <= 3.0. Fixed in: 3.1. OWASP Top 10: A7: Identification and Authentication Failures. Classification: Broken Authentication. CVE: CVE-2024-9687. Patch priority: High. CVSS severity: High (8.8). PSID: c6f09889bfbf. Credits: István...

CVSS 8.8, AI score 6.6, EPSS 0.00465
Exploits: 0, References: 3, Affected software: 1

Patchstack
added 2024/10/15 12:00 a.m.

WordPress WP 2FA with Telegram Plugin <= 3.0 is vulnerable to Bypass Vulnerability

Software: WP 2FA with Telegram. Type: Plugin. Vulnerable versions: <= 3.0. Fixed in: 3.1. OWASP Top 10: A4: Insecure Design. Classification: Bypass Vulnerability. CVE: CVE-2024-9820. Patch priority: High. CVSS severity: High (6.5). PSID: ed4d0a1bac8d. Credits: István Márton. Required privilege...

CVSS 7.5, AI score 6.5, EPSS 0.00391
Exploits: 0, References: 3, Affected software: 1

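Added example, not the WP 2FA with Telegram plugin's code, modelling the two weaknesses the CVE-2024-9820 and CVE-2024-9687 entries above describe. `vulnerable_issue` and `vulnerable_validate` keep the one-time code in a cookie the browser can read and accept a caller-chosen user id (the "user-controlled key"), so an authenticated low-privilege user who reads their own cookie can complete the second step for whatever account they name. `CodeStore` keeps only a salted HMAC of the code server-side, bound to an opaque pending-login key and to the user it was issued for, with expiry, an attempt cap, single use and constant-time comparison, and it takes no user id from the client at all. Cookie and form names such as `tg_code` and `user_id` are hypothetical, and the code does not claim to reproduce the plugin's actual flow.

```python
"""Added example: two ways to verify an out-of-band one-time login code.
The vulnerable pair trusts the client; CodeStore keeps the secret and the
identity binding server-side. Names are hypothetical, data is constructed."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


def new_code() -> str:
    """Six decimal digits from a CSPRNG, zero-padded."""
    return f"{secrets.randbelow(10 ** 6):06d}"


# --- Vulnerable pattern -----------------------------------------------------

def vulnerable_issue(user_id: int) -> Dict[str, str]:
    """The code itself is written into a cookie, so the browser (and anyone
    who can read the cookie) holds the very value the server will check."""
    return {"tg_user": str(user_id), "tg_code": new_code()}


def vulnerable_validate(cookie: Dict[str, str], form: Dict[str, str]) -> Optional[int]:
    """Compares the submitted code with the client-held cookie and logs in the
    user id the client names. A subscriber reads their own cookie, submits
    the code back, and supplies someone else's id."""
    if form.get("code") == cookie.get("tg_code"):
        return int(form.get("user_id", cookie["tg_user"]))
    return None


# --- Hardened pattern -------------------------------------------------------

class CodeStore:
    def __init__(self, ttl: int = 300, max_attempts: int = 5,
                 now: Callable[[], float] = time.time):
        self.pending: Dict[str, Dict] = {}   # opaque key -> record, server-side only
        self.ttl, self.max_attempts, self.now = ttl, max_attempts, now

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def issue(self, user_id: int) -> Tuple[str, str]:
        """Return (opaque key for the client's pending-login cookie, code to
        deliver out of band). Only the key and the code's HMAC are stored."""
        key = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        code = new_code()
        self.pending[key] = {"user": user_id, "salt": salt,
                             "digest": self._digest(salt, code),
                             "expires": self.now() + self.ttl, "attempts": 0}
        return key, code

    def validate(self, key: str, code: str) -> Optional[int]:
        """Return the user id bound to `key` on success, else None. The caller
        never supplies an identity: it comes from the server-side record."""
        rec = self.pending.get(key)
        if rec is None:
            return None
        if self.now() > rec["expires"]:
            del self.pending[key]
            return None
        rec["attempts"] += 1
        if rec["attempts"] > self.max_attempts:
            del self.pending[key]              # burn the key; a fresh code is required
            return None
        if not hmac.compare_digest(self._digest(rec["salt"], code), rec["digest"]):
            return None
        del self.pending[key]                  # single use
        return rec["user"]


if __name__ == "__main__":
    cookie = vulnerable_issue(5)
    print("vulnerable: user 5 completes login as",
          vulnerable_validate(cookie, {"code": cookie["tg_code"], "user_id": "1"}))
    store = CodeStore()
    key, code = store.issue(5)
    wrong = "000000" if code != "000000" else "000001"
    print("hardened: wrong code ->", store.validate(key, wrong))
    print("hardened: right code ->", store.validate(key, code), "replay ->", store.validate(key, code))
```

The design choice worth copying is that `validate` derives the account from the server-side record the key points to. Whatever the client sends besides the code is irrelevant, which is exactly the property the "user-controlled key" finding says was missing.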
NVD
added 2024/10/10 12:15 a.m.

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

CVSS 9.1, EPSS 0.00336
Exploits: 0, References: 1

NVD
added 2024/10/10 12:15 a.m.

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

CVSS 9.1, EPSS 0.00453
Exploits: 0, References: 1

The Hacker News
added 2024/10/09 4:22 a.m.

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox, which are widely used in enterprise environments, as a defense evasion tactic. The end goals of the campaigns are broad and varied, allowing threat actors to compromis...

AI score 7.4
Exploits: 0

Vulnrichment
added 2024/10/09 12:00 a.m.

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

AI score 7.1, EPSS 0.00453
Exploits: 0, References: 1

Vulnrichment
added 2024/10/09 12:00 a.m.

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

AI score 7.1, EPSS 0.00336
Exploits: 0, References: 1

CVE
added 2024/10/09 12:00 a.m.

CVE-2024-48941

The CVE-2024-48941 entry concerns the Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket (affected version family up to 3.1.4.5). The root issue is a 2FA bypass achieved by interacting with the /rest endpoint; in default configurations, /rest is allowlisted, enabling potential by...

CVSS 9.1, AI score 7.1, EPSS 0.00336
Exploits: 0, References: 1, Affected software: 1

Cvelist
added 2024/10/09 12:00 a.m.

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

EPSS 0.00336
Exploits: 0, References: 1

CVE
added 2024/10/09 12:00 a.m.

CVE-2024-48942

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket (versions 3.1.4.5 and earlier) is affected. The vulnerability allows remote attackers to brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint, with the last 30 tokens and the next 30 token...

CVSS 9.1, AI score 7.1, EPSS 0.00453
Exploits: 0, References: 1, Affected software: 1

Cvelist
added 2024/10/09 12:00 a.m.

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

EPSS 0.00453
Exploits: 0, References: 1

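Added example, not Syracom's code, for the CVE-2024-48942 entries above: a plain RFC 6238 TOTP verifier whose acceptance window is a parameter, so the effect of treating "the last 30 and the next 30 tokens" as valid can be measured rather than guessed at. With a window of one step, three codes out of a million are accepted at any moment; with a window of 30 steps about 61 are, so a random 6-digit guess is roughly twenty times more likely to land, and an endpoint that never locks turns that into a practical brute force. `PinValidator` adds the attempt limiting the advisory implies was missing. The shared secret is the RFC 6238 test-vector key and the timestamps are constructed; none of this reflects the plugin's internals.

```python
"""Added example: RFC 6238 TOTP with a configurable acceptance window, the
guess-success probability that window implies, and a lockout wrapper.
Secret and timestamps are constructed (RFC test-vector key)."""
import hashlib
import hmac
import struct
from typing import Set

DIGITS = 6
STEP = 30  # seconds per TOTP step


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


def accepted_codes(secret: bytes, at: int, window: int, step: int = STEP) -> Set[str]:
    """Every code the verifier accepts at time `at` when it tolerates
    `window` steps on each side of the current one."""
    now = at // step
    return {hotp(secret, c) for c in range(now - window, now + window + 1)}


def verify_totp(secret: bytes, submitted: str, at: int, window: int, step: int = STEP) -> bool:
    """Constant-time comparison against each code in the window. window=1 is
    a normal clock-skew tolerance; window=30 reproduces 'last 30 and next 30
    tokens are valid'."""
    now = at // step
    return any(hmac.compare_digest(hotp(secret, c), submitted)
               for c in range(now - window, now + window + 1))


def guess_success_probability(secret: bytes, at: int, window: int) -> float:
    """Chance that a single uniformly random 6-digit guess is accepted."""
    return len(accepted_codes(secret, at, window)) / 10 ** DIGITS


class PinValidator:
    """Server-side verifier with attempt limiting. A wide window is only
    'easily brute-forced' when the endpoint never locks the account."""

    def __init__(self, secret: bytes, window: int = 1, max_failures: int = 5, lockout: int = 300):
        self.secret, self.window = secret, window
        self.max_failures, self.lockout = max_failures, lockout
        self.failures, self.locked_until = 0, 0

    def validate(self, submitted: str, at: int) -> str:
        """Return 'ok', 'bad' or 'locked'."""
        if at < self.locked_until:
            return "locked"
        if verify_totp(self.secret, submitted, at, self.window):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures, self.locked_until = 0, at + self.lockout
        return "bad"


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 Appendix B test-vector key
    at = 1_000_000                      # constructed timestamp
    for w in (0, 1, 30):
        p = guess_success_probability(secret, at, w)
        print(f"window={w:2d}: {len(accepted_codes(secret, at, w)):2d} codes accepted, "
              f"p(one guess)={p:.1e}, expected guesses ~{1 / p:,.0f}")
```

Two knobs matter independently: the window fixes how many of the 10^6 codes are live at once, and the attempt cap fixes how many of them an attacker gets to try. A fix that only narrows the window to one step but leaves the validation endpoint unthrottled still yields after an expected few hundred thousand requests.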
OSV
added 2024/09/26 5:49 p.m.

GHSA-WC43-73W7-X2F5 Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials

Preconditions:
- The code login method is enabled with the passwordless_enabled flag set to true.
- A 2FA method such as totp is enabled.
- required_aal of the whoami check or the settings flow is set to highest_available.
AAL stands for Authenticator Assurance Levels and can range from 0 (no factor) ...

CVSS 5.9, AI score 4.7, EPSS 0.00327
Exploits: 0, References: 3

HackRead
added 2024/09/23 12:56 p.m.

Hackers Posed as Google Support to Steal $243 Million in Crypto

Hackers stole $243M from a single victim by posing as Google and Gemini support, resetting 2FA to access...

AI score 7.2
Exploits: 0

Vulnrichment
added 2024/09/23 7:01 a.m.

CVE-2024-8606 Fix 2FA bypass via RestAPI

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

CVSS 9.2, AI score 6.9, EPSS 0.00459
Exploits: 0, References: 1

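Added example (not the vendors' code; routes, factor names and sessions are constructed) for the pattern shared by the Syracom `/rest` allowlist (CVE-2024-48941), the Checkmk REST API bypass (CVE-2024-8606) and the Ory Kratos `required_aal` entry above: a second factor enforced on the interactive login path but not on every authenticated route is not a second factor. The session's assurance level is computed from the factors actually presented (two first factors, such as password plus e-mailed code, still count as one level), then the vulnerable allowlist gate is contrasted with a gate that demands the same level on every route. `highest_available_gate` is an assumed reading of a "highest available" policy, not Kratos's implementation.

```python
"""Added example: the second factor has to be enforced on every authenticated
route. allowlist_gate reproduces the bypass class (API paths exempt from the
2FA check); uniform_gate and highest_available_gate decide from assurance
level alone. All paths, factor names and sessions are constructed."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set, Tuple

FIRST_FACTORS = {"password", "code"}             # knowledge, or a one-time code sent by e-mail
SECOND_FACTORS = {"totp", "webauthn", "lookup_secret"}


@dataclass
class Session:
    user: str
    factors: Set[str] = field(default_factory=set)

    def aal(self) -> int:
        """Authenticator Assurance Level from the factors actually presented:
        0 = none, 1 = a single factor (two first factors are still one level),
        2 = a first factor plus a distinct second factor."""
        first = self.factors & FIRST_FACTORS
        second = self.factors & SECOND_FACTORS
        if not first and not second:
            return 0
        return 2 if first and second else 1


@dataclass
class Request:
    path: str
    session: Optional[Session]


def allowlist_gate(req: Request, exempt_prefixes: Tuple[str, ...] = ("/rest",)) -> bool:
    """VULNERABLE: interactive pages require AAL2, but anything under an
    exempt prefix only needs a logged-in session. A client that drives the
    application through the API never meets the second-factor check."""
    if req.session is None:
        return False
    if any(req.path.startswith(p) for p in exempt_prefixes):
        return True
    return req.session.aal() >= 2


def uniform_gate(req: Request, required_aal: int = 2) -> bool:
    """HARDENED: the same assurance level on every route, browser or API."""
    return req.session is not None and req.session.aal() >= required_aal


def highest_available_gate(req: Request, enrolled: Set[str]) -> bool:
    """Assumed reading of a 'highest available' policy: require AAL2 whenever
    the account has any second factor enrolled, otherwise AAL1. The required
    level depends on what is enrolled, never on the route being requested."""
    required = 2 if enrolled & SECOND_FACTORS else 1
    return req.session is not None and req.session.aal() >= required


def evaluate(gate: Callable[[Request], bool], requests: List[Request]) -> List[Tuple[str, bool]]:
    return [(r.path, gate(r)) for r in requests]


PASSWORD_ONLY = Session("alice", {"password"})
PASSWORD_AND_TOTP = Session("alice", {"password", "totp"})
SAMPLE_REQUESTS = [
    Request("/dashboard", PASSWORD_ONLY),
    Request("/rest/api/items/1", PASSWORD_ONLY),       # the bypass: API path, one factor
    Request("/rest/api/items/1", PASSWORD_AND_TOTP),
    Request("/rest/api/items/1", None),
]

if __name__ == "__main__":
    for name, gate in (("allowlist (vulnerable)", allowlist_gate), ("uniform (hardened)", uniform_gate)):
        print(name)
        for req, (path, allowed) in zip(SAMPLE_REQUESTS, evaluate(gate, SAMPLE_REQUESTS)):
            shown = ",".join(sorted(req.session.factors)) if req.session else "no session"
            print(f"  {path:20s} {shown:16s} allowed={allowed}")
```

When reviewing a product's 2FA, enumerate every way an authenticated session can reach application functionality (UI, REST, servlets, CLI tokens, WebSocket upgrades) and confirm the gate sits in front of all of them; an allowlist of "paths that don't need the second factor" is a list of bypasses waiting for a caller that speaks that protocol.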