19 matches found
EUVD-2025-22514
Malicious code in bioql PyPI...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
PT-2025-30666 · 2Fauth · 2Fauth
Name of the Vulnerable Software and Affected Versions: 2FAuth version 5.5.0. Description: A group deletion race condition can lead to data inconsistencies and orphaned accounts when a group is deleted while other operations are in progress. Recommendations: At the moment, there is no information...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-45731
CVE-2025-45731 relates to a group deletion race condition in the 2FAuth v5.5.0 application. The issue arises when a group is deleted while other operations are pending, leading to data inconsistencies and orphaned accounts. The connected documents confirm the affected product and the underlying c...
CVE-2024-52598
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1: an SSRF and a URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52597
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...
CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1: an SSRF and a URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1: an SSRF and a URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52597 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...
CVE-2024-52597 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...
CVE-2024-52597 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...
CVE-2024-52597
2FAuth versions prior to 5.4.1 are vulnerable to stored cross-site scripting via SVG uploads. The issue arises from improper headers when direct-accessing uploaded SVGs, which can execute JS in the victim’s browser and potentially compromise the user session and access to tokens when a victim is ...
PT-2024-35394 · 2Fauth · 2Fauth
Name of the Vulnerable Software and Affected Versions: 2FAuth version 5.4.1; 2FAuth versions prior to 5.4.1. Description: 2FAuth is a web application used to manage Two-Factor Authentication (2FA) accounts and generate their security codes. It contains two interconnected vulnerabilities: a Server-Sid...
PT-2024-35393 · 2Fauth · 2Fauth
Name of the Vulnerable Software and Affected Versions: 2FAuth versions prior to 5.4.1. Description: The issue is related to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. An attacker can upload a malicious SVG containing JS code, which could compromise a...
CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth
2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross-site scripting (XSS) injection can be done via the account/service field. This was tested in a docker-compose environment. This vulnerability has been patched in version 4.0.3...
CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth
2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross-site scripting (XSS) injection can be done via the account/service field. This was tested in a docker-compose environment. This vulnerability has been patched in version 4.0.3...