CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 days ago•6 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

8.1CVSS0.00185EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-39456

5.9CVSS6AI score0.00154EPSS

ATTACKERKB•added 2 days ago•3 views

CVE-2026-54040

5.9CVSS6AI score0.00154EPSS

Exploits0References2Affected Software1

Cvelist•added 2 days ago•28 views

CVE-2026-54040 LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

5.9CVSS0.00154EPSS

CVE•added 2 days ago•7 views

CVE-2026-54040

Summary of the CVE-2026-54040 (LibreChat) : The vulnerability affects LibreChat builds prior to 0.8.4-rc1, in the 2FA flow. The POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker who has...

5.9CVSS6AI score0.00154EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-39454

5.3CVSS6AI score0.00185EPSS

RedhatCVE•added 2026/06/06 6:43 p.m.•8 views

CVE-2026-45749

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /users/totp/disable and POST /users/totp/backup-codes endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical...

RedhatCVE•added 2026/06/05 7:17 p.m.•8 views

CVE-2026-33667

OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirmotp action of the twofactorauthentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing bruteforceblockafterfailedlogins setting...

7.4CVSS5.4AI score0.00296EPSS

NVD•added 2026/06/05 6:17 p.m.•12 views

CVE-2026-45749

8.1CVSS0.00324EPSS

Cvelist•added 2026/06/05 6:5 p.m.•31 views

CVE-2026-45749 Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password

8.1CVSS0.00324EPSS

Vulnrichment•added 2026/06/05 6:5 p.m.•9 views

CVE-2026-45749 Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password

EUVD•added 2026/06/05 6:5 p.m.•10 views

EUVD-2026-34877

ATTACKERKB•added 2026/06/05 6:5 p.m.•6 views

CVE-2026-45749

Exploits1References3Affected Software1

CNNVD•added 2026/06/05 12:0 a.m.•6 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the POST /users/totp/disable and POST /users/totp/backup-codes endpoints only accepted the...

Positive Technologies•added 2026/06/05 12:0 a.m.•13 views

PT-2026-47021

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The endpoints "/users/totp/disable" and "/users/totp/backup-codes" allow MFA-critical...

Cvelist•added 2026/05/08 10:54 p.m.•41 views

Exploits1References6

CVE-2026-42452 Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

8.1CVSS0.00306EPSS

Exploits0References2

NVD•added 2026/04/15 7:16 p.m.•8 views

CVE-2026-33667

7.4CVSS0.00296EPSS