Lucene search
K

5 matches found

OSV
OSV
added 2026/02/27 9:26 p.m.27 views

GHSA-282G-FHMX-XF54 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

Summary A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...

8.2CVSS7AI score0.00176EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/26 3:13 a.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the UpdateHumanUser API. An attacker can bypass proper verification of email or phone by directly setting the verification flag without completing the intended verification process. This may allow unauthorized...

8.2CVSS6AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.12 views

CVE-2022-28601

A Two-Factor Authentication 2FA bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism...

6.5CVSS7.1AI score0.01683EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/05/10 9:15 p.m.3 views

CVE-2022-28601

A Two-Factor Authentication 2FA bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism...

6.5CVSS6.7AI score0.01683EPSS
Exploits1References3
CVE
CVE
added 2022/05/10 8:42 p.m.87 views

CVE-2022-28601

CVE-2022-28601 concerns the Simple 2FA Plugin for Moodle by LMS Doctor. A 2FA bypass exists: remote attackers can overwrite the phone number used for confirmation via profile.php, thus bypassing the phone verification mechanism. The affected component is the Moodle plugin’s 2FA handling; the root...

6.5CVSS6.5AI score0.01683EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder