Lucene search
+L

155 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-24032

Malicious code in bioql PyPI...

5.7CVSS6.3AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24034

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00356EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/17 10:46 p.m.9 views

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

2.1CVSS7AI score0.00165EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/15 9:30 p.m.14 views

Liferay DXP Missing Critical Step in Authentication

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

6.5CVSS7.1AI score0.00165EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/15 9:30 p.m.7 views

GHSA-4P5R-3JMM-652Q Liferay DXP Missing Critical Step in Authentication

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

2.1CVSS7.1AI score0.00165EPSS
Exploits0References4
NVD
NVD
added 2025/09/15 9:15 p.m.6 views

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

6.5CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 8:53 p.m.3 views

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

2.1CVSS6.7AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2025/09/15 8:53 p.m.17 views

CVE-2025-43798

CVE-2025-43798 affects Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA up to update 92 (as well as 7.3 GA up to update 35). The issue is reuse of a time-based one-time password (TOTP) within its validity period, enabling an attacker who has a user’s TOTP to authenticate as that user. The c...

6.5CVSS6.7AI score0.00165EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/15 8:53 p.m.11 views

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

2.1CVSS0.00165EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-8796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under the default configuration, Devise-Two-Factor versions = 2.2.0 & = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit...

6CVSS5.6AI score0.00641EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/20 7:30 a.m.9 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...

6.5CVSS7.6AI score0.00356EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2025/08/15 12:0 a.m.4 views

OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine being able to accept valid code multiple times, and no details of the vulnerability are provided at this time...

6.5CVSS7AI score0.00209EPSS
Exploits0References1
Veracode
Veracode
added 2025/08/12 12:42 p.m.6 views

Improper Authentication

github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to unexpected normalization in the underlying TOTP library, which allows an attacker to reuse a valid TOTP code multiple times instead of only once...

6.5CVSS6.9AI score0.00209EPSS
Exploits0References4Affected Software2
SUSE CVE
SUSE CVE
added 2025/08/11 11:22 p.m.4 views

SUSE CVE-2025-55003

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...

5.7CVSS6.8AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2025/08/11 5:59 p.m.8 views

GO-2025-3856 OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao

OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

5.7CVSS7AI score0.00286EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/10 12:0 a.m.3 views

PT-2025-32486

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where an authenticated user can cause a denial of service due to insufficient resource...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References7
NVD
NVD
added 2025/08/09 3:15 a.m.14 views

CVE-2025-55003

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...

5.7CVSS0.00199EPSS
Exploits0References3
NVD
NVD
added 2025/08/09 3:15 a.m.8 views

CVE-2025-55000

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...

6.5CVSS0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/09 2:1 a.m.18 views

CVE-2025-55003 OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...

5.7CVSS0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/09 2:1 a.m.3 views

CVE-2025-55003 OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...

5.7CVSS7AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder