
818 matches found

Microsoft CVE
added 2026/03/10 2:0 p.m. | 3 views

Microsoft Authenticator Information Disclosure Vulnerability

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.7 | EPSS 0.00051
Exploits: 0
Kaspersky
added 2026/03/10 12:0 a.m. | 1 view

KLA90927 OSI vulnerability in Microsoft Apps

An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2026-26123 Exploitation CVE list CVE-2026-26123 high Solution Install necessary updates from t...

CVSS 5.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 2
CNNVD
added 2026/03/10 12:0 a.m. | 2 views

Microsoft Authenticator Security Vulnerability

Microsoft Authenticator is an application for multi-factor authentication developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Authenticator. Attackers can exploit this vulnerability to obtain sensitive information. The following products and...

CVSS 5.5 | AI score 6.8 | EPSS 0.00051
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24376

Name of the Vulnerable Software and Affected Versions Microsoft Authenticator affected versions not specified Description A condition exists where an unauthorized attacker can disclose information locally. The issue relates to Cwe not being in rca categories. Recommendations At the moment, there ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00051
Exploits: 0 | References: 12
RedhatCVE
added 2026/01/17 5:22 a.m. | 3 views

CVE-2025-15370

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 1
NVD
added 2026/01/16 5:16 a.m. | 2 views

CVE-2025-15370

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 3
CVE
added 2026/01/16 4:44 a.m. | 11 views

CVE-2025-15370

CVE-2025-15370 affects Shield: Blocks Bots, Protects Users, and Prevents Security Breaches (WordPress Shield Security plugin) up to version 21.0.9. The issue is an Insecure Direct Object Reference via MfaGoogleAuthToggle that allows authenticated attackers with Subscriber-level access and above t...

CVSS 4.3 | AI score 5.3 | EPSS 0.00014
Exploits: 0 | References: 3
Cvelist
added 2026/01/16 4:44 a.m. | 24 views

CVE-2025-15370 Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/16 4:44 a.m. | 1 view

CVE-2025-15370 Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | AI score 5.3 | EPSS 0.00014
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/16 4:44 a.m. | 1 view

CVE-2025-15370

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/16 12:0 a.m. | 3 views

PT-2026-3215

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 4
CNNVD
added 2026/01/16 12:0 a.m. | 2 views

WordPress Plugin Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

MiracleLinux 4 : tomcat6-6.0.24-57.AXS4 (AXSA:2013-491:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-491:04 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...

CVSS 6.8 | AI score 7.8 | EPSS 0.10445
Exploits: 2 | References: 2
Patchstack
added 2026/01/15 11:9 p.m. | 6 views

WordPress Shield Security plugin <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.9...

CVSS 4.3 | AI score 7 | EPSS 0.00014
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm News
added 2026/01/10 12:0 a.m. | 1 view

QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials

FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...

AI score 6.7
Exploits: 0
RedhatCVE
added 2026/01/09 10:45 a.m. | 6 views

CVE-2022-0229

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...

CVSS 8.1 | AI score 7 | EPSS 0.00233
Exploits: 2 | References: 1
RedhatCVE
added 2026/01/09 10:44 a.m. | 5 views

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVSS 4.3 | AI score 6.3 | EPSS 0.00103
Exploits: 2 | References: 1
RedhatCVE
added 2026/01/09 10:40 a.m. | 6 views

CVE-2022-35290

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted...

CVSS 7.5 | AI score 6.7 | EPSS 0.00348
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:1 a.m. | 7 views

CVE-2023-25574

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10 | AI score 6.7 | EPSS 0.0037
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/19 7:32 a.m. | 3 views

CVE-2025-54745

Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...

CVSS 6.5 | AI score 7 | EPSS 0.0005
Exploits: 0 | References: 1