EUVD-2025-6714

Malicious code in bioql PyPI...

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

CVE-2025-30236

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code skipping a password check if an HTTP POST request contains a SESSION parameter...

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

CVE-2025-30236

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code skipping a password check if an HTTP POST request contains a SESSION parameter...

CVE-2025-30236

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code skipping a password check if an HTTP POST request contains a SESSION parameter...

CVE-2025-30235

The CVE-2025-30235 entry concerns Shearwater SecurEnvoy SecurAccess Enrol prior to version 9.4.515. The vulnerability arises from improper handling of concurrent authentication attempts, allowing hundreds of failed logins before detection rather than limiting to the intended threshold of 10. This...

CVE-2025-30236

CVE-2025-30236 affects Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515. A POST request containing a SESSION parameter can bypass the password check and authenticate with a six‑digit TOTP code, enabling potential unauthorized access. The CVSS 3.1 base score is 8.6 (HIGH) with network attack...

CVE-2025-30236

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code skipping a password check if an HTTP POST request contains a SESSION parameter...

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

Shearwater SecurEnvoy SecurAccess Enrol 安全漏洞

Shearwater SecurEnvoy SecurAccess Enrol is a zero-trust security solution from Shearwater SecurEnvoy. A security vulnerability exists in Shearwater SecurEnvoy SecurAccess Enrol versions prior to 9.4.515, which stems from authentication by only a six-digit TOTP code...