Lucene search
K

5102 matches found

CVE
CVE
added 2026/06/17 10:12 p.m.32 views

CVE-2024-27928

CVE-2024-27928 (Vantage6) describes a vulnerability in Vantage6 prior to 5.0.0 where an attacker with access to a user’s email can first reset the account password, then reset the 2FA token via email, effectively reducing 2FA to 1FA. This is tied to emails being used as a recovery vector and reli...

5.9CVSS5.2AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 12:40 p.m.3 views

BIT-PARSE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPasswo...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 12:16 p.m.11 views

CVE-2026-12225

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS0.00481EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/16 11:20 a.m.7 views

EUVD-2026-37066

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS5.5AI score0.00481EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 11:20 a.m.32 views

CVE-2026-12225 syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS0.00481EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 11:20 a.m.40 views

CVE-2026-12225

CVE-2026-12225 affects syracom Secure Login (2FA) for Atlassian Jira, Confluence and Bitbucket (v3.4.0.x). The vulnerability enables an authentication bypass: an attacker with valid credentials can bypass 2FA by sending requests with a crafted User-Agent (e.g., AtlassianMobileApp, JIRA), allowing...

8.7CVSS5.6AI score0.00481EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49655

Name of the Vulnerable Software and Affected Versions syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket versions 3.4.0.x Description An authentication bypass exists where an attacker with valid user credentials can circumvent the two-factor authentication 2FA flow. By...

8.7CVSS6AI score0.00481EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/12 8:12 p.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the handleLogIn and verifyPassword user...

8.2CVSS5.4AI score0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:35 p.m.9 views

CVE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and...

5.9CVSS5.2AI score0.00251EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 6:29 p.m.14 views

gorest InMemorySecret2FA race condition allows process crash via concurrent map access (CWE-362)

Vulnerability: CWE-362 — Concurrent Map Access Race Condition in InMemorySecret2FA CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization Affected Component - github.com/pilinux/gorest — Go REST API boilerplate - InMemorySecret2FA — in-memory 2FA secret store...

6AI score0.00051EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/12 6:16 p.m.14 views

CVE-2026-48558

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS0.0116EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/12 5:7 p.m.10 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS5.5AI score0.0116EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/12 5:7 p.m.40 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS0.0116EPSS
Exploits1References3
CVE
CVE
added 2026/06/12 5:7 p.m.224 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558) : SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

10CVSS5.5AI score0.0116EPSS
In wildExploits1References5Affected Software1
EUVD
EUVD
added 2026/06/12 3:42 p.m.10 views

EUVD-2026-36496

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.1 through 5.5.15 SimpleHelp versions 6.0 pre-release through 6.0 RC1 Description An authentication bypass exists in the OpenID Connect OIDC authentication flow. The server fails to verify the cryptographic signature of...

10CVSS6.2AI score0.0116EPSS
Exploits1References121
Veracode
Veracode
added 2026/06/11 7:23 a.m.13 views

Authentication Bypass

Yubico java-webauthn-server is vulnerable to Authentication Bypass. The vulnerability is due to incorrect validation of a function's return value during the second-factor authentication flow, allowing attackers to bypass the intended authentication checks and impersonate legitimate users...

7.5CVSS5.5AI score0.00308EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46669

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...

8.7CVSS0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:9 p.m.32 views

CVE-2026-46669 `openvm-pairing` pairing check missing proper subfield check on scaling factor

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...

8.7CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:9 p.m.15 views

CVE-2026-46669

OpenVM-pairing vulnerability CVE-2026-46669: the openvm-pairing guest library’s try_honest_pairing_check previously did not verify that the scaling factor s lies in a proper subfield of Fp12, allowing incorrect pairing results. The issue has been patched in version 1.6.0; users should upgrade to ...

8.7CVSS5.4AI score0.00226EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder