Lucene search
K

75 matches found

Microsoft Secure
Microsoft Secure
added 2026/05/07 4:0 p.m.11 views

World Passkey Day: Advancing passwordless authentication

World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/23 12:3 p.m.7 views

On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

5.7AI score
Exploits0
NVD
NVD
added 2025/10/30 10:15 p.m.9 views

CVE-2024-14006

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...

8.8CVSS0.00433EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.10 views

PT-2025-44505

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.2.2 Description The application does not properly validate the user-supplied HTTP Host header when constructing URLs. This can allow a remote, unauthenticated attacker to inject a crafted Host header,...

8.8CVSS6.7AI score0.00433EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/24 9:16 p.m.4 views

CVE-2025-34293 GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...

8.6CVSS6.4AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-23348

Malware in sbrugna...

6.1CVSS6.2AI score0.00723EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53713

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00376EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32088

Malicious code in bioql PyPI...

9.1CVSS9.2AI score0.00403EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54595

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00585EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42679

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00493EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/08/05 4:15 p.m.10 views

HackerOne: DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API

The GraphQL API's 'verifyAccountRecoveryPhoneNumber' mutation was found to be vulnerable to denial-of-service attacks through mutation aliasing. The vulnerability allowed multiple aliases of the same mutation to be included in a single request, causing the server to process each mutation...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/24 7:12 p.m.16 views

CVE-2024-6914

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS7AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.8 views

CVE-2024-47768

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...

8.1CVSS7AI score0.00493EPSS
Exploits0
NVD
NVD
added 2025/05/22 7:15 p.m.24 views

CVE-2024-6914

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS0.00585EPSS
Exploits0References2
OSV
OSV
added 2025/05/22 7:15 p.m.4 views

CVE-2024-6914

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/22 6:26 p.m.16 views

CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS9.7AI score0.00585EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/22 6:26 p.m.33 views

CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS0.00585EPSS
Exploits0References2
CVE
CVE
added 2025/05/22 6:26 p.m.72 views

CVE-2024-6914

Affected products. WSO2 products (notably API Manager, Identity Server and related Open Banking variants) are affected by CVE-2024-6914 due to a business logic flaw in the account recovery-related SOAP admin service. Vulnerability and root cause. An incorrect authorization flow in the account rec...

9.8CVSS9.4AI score0.00585EPSS
Exploits0References2Affected Software6
The Hacker News
The Hacker News
added 2025/04/30 11:26 a.m.13 views

[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats

How Many Gaps Are Hiding in Your Identity System? It's not just about logins anymore. Today's attackers don't need to "hack" in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed...

7.3AI score
Exploits0
Snyk
Snyk
added 2025/04/08 2:50 p.m.4 views

Information Exposure

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Information Exposure via the store-api endpoint. An attacker can determine if an email address is registered by observing the response from the /store-api/account/recovery-password...

6.9CVSS6.9AI score0.00347EPSS
Exploits1References2
Rows per page
Query Builder