Lucene search
K

604 matches found

nvd
nvd
added 2026/03/31 3:16 p.m.7 views

CVE-2026-34224

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

4.4CVSS0.00311EPSS
Exploits0References5
cve
cve
added 2026/03/31 2:25 p.m.17 views

CVE-2026-34224

CVE-2026-34224 affects Parse Server (Node.js backend). A flaw in the authData login flow lets an attacker with a valid provider token and a single MFA recovery code or SMS OTP create multiple authenticated sessions by issuing concurrent login requests, defeating the single-use MFA guarantee and p...

4.4CVSS5.8AI score0.00311EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/03/31 2:25 p.m.2 views

CVE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS5.8AI score0.00311EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/31 12:0 a.m.9 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.64 and 9.7.0-alpha.8. These vulnerabilities allowed attackers to send concurrent login...

4.4CVSS5.8AI score0.00311EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/03/29 12:0 a.m.9 views

PT-2026-28613

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.64 Parse Server versions prior to 9.7.0-alpha.8 Description Parse Server is an open source backend deployable on Node.js infrastructure. An attacker with a valid authentication provider token and a single MFA...

4.4CVSS5.9AI score0.00311EPSS
Exploits0References12
redhatcve
redhatcve
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33640

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.8CVSS5.9AI score0.00468EPSS
Exploits1References1
euvd
euvd
added 2026/03/27 9:31 a.m.6 views

EUVD-2026-16563

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References2
osv
osv
added 2026/03/27 9:16 a.m.19 views

ALPINE-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

5.9CVSS5.9AI score0.00338EPSS
Exploits1References1
nvd
nvd
added 2026/03/27 9:16 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS0.00338EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/27 8:10 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References1
cve
cve
added 2026/03/27 8:10 a.m.23 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to a replay attack under specific conditions: if auth cache is enabled and the username is altered in passdb, OTP credentials can be cached so that the same OTP response remains valid. An attacker who observes an OTP exchange can log in as the targeted use...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References1Affected Software2
cvelist
cvelist
added 2026/03/27 8:10 a.m.32 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS0.00338EPSS
Exploits1References1
debiancve
debiancve
added 2026/03/27 8:10 a.m.4 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.3AI score0.00338EPSS
Exploits1
ubuntucve
ubuntucve
added 2026/03/27 12:0 a.m.5 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References2
osv
osv
added 2026/03/26 8:56 p.m.3 views

CVE-2026-33640 Outline has a rate limit bypass that allows brute force of email login OTP

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.1CVSS5.9AI score0.00468EPSS
Exploits1References4
cve
cve
added 2026/03/26 8:56 p.m.20 views

CVE-2026-33640

CVE-2026-33640 – Outline : The issue affects Outline’s Email OTP login flow. Before v1.6.0, the rate limiter could be bypassed because OTP codes were not invalidated based on amount/frequency of attempts, enabling unrestricted submissions within a code’s lifetime and allowing brute‑force attacks ...

9.8CVSS5.9AI score0.00468EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/03/26 8:56 p.m.2 views

CVE-2026-33640

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.1CVSS5.9AI score0.00468EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/03/26 8:56 p.m.29 views

CVE-2026-33640 Outline has a rate limit bypass that allows brute force of email login OTP

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...

9.1CVSS0.00468EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.10 views

PT-2026-28503

Name of the Vulnerable Software and Affected Versions Outline versions 0.86.0 through 1.5.9 Description Outline is a service that allows for collaborative documentation. It uses an Email OTP login flow for users not associated with an Identity Provider. Versions of Outline between 0.86.0 and 1.5....

9.1CVSS5.9AI score0.00468EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.10 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline from 0.86.0 to 1.6.0 have security vulnerabilities. These vulnerabilities stem from the failure to invalidate OTP codes based on the number or frequency of invalid submissions, which can lead to brute-force attacks...

9.8CVSS5.8AI score0.00468EPSS
Exploits1References2
Rows per page
Query Builder