155 matches found
EUVD-2025-24032
Malicious code in bioql PyPI...
EUVD-2025-24034
Malicious code in bioql PyPI...
CVE-2025-43798
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
Liferay DXP Missing Critical Step in Authentication
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
GHSA-4P5R-3JMM-652Q Liferay DXP Missing Critical Step in Authentication
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
CVE-2025-43798
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
CVE-2025-43798
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
CVE-2025-43798
CVE-2025-43798 affects Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA up to update 92 (as well as 7.3 GA up to update 35). The issue is reuse of a time-based one-time password (TOTP) within its validity period, enabling an attacker who has a user’s TOTP to authenticate as that user. The c...
CVE-2025-43798
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
Linux Distros Unpatched Vulnerability : CVE-2024-8796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under the default configuration, Devise-Two-Factor versions = 2.2.0 & = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit...
Authentication Bypass
github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...
OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)
OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine being able to accept valid code multiple times, and no details of the vulnerability are provided at this time...
Improper Authentication
github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to unexpected normalization in the underlying TOTP library, which allows an attacker to reuse a valid TOTP code multiple times instead of only once...
SUSE CVE-2025-55003
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...
GO-2025-3856 OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao
OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
PT-2025-32486
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where an authenticated user can cause a denial of service due to insufficient resource...
CVE-2025-55003
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...
CVE-2025-55000
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...
CVE-2025-55003 OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...
CVE-2025-55003 OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...