Lucene search
K

27 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 3:39 p.m.9 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45091

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS5.4AI score0.00326EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/06/02 4:43 p.m.103 views

Exploit for CVE-2026-45332

CVE-2026-45332 — Broken Access Control in Automad CMS Proof o...

7.5CVSS5.8AI score0.00298EPSS
Exploits1
NVD
NVD
added 2026/05/27 6:16 p.m.14 views

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

7.4CVSS0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:39 p.m.9 views

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

7.4CVSS5.8AI score0.00265EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/21 7:16 p.m.12 views

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5CVSS0.00416EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Authen::TOTP 安全特征问题漏洞

Authen::TOTP is a two-factor authentication OTP generation and verification tool developed by tchatzi’s developer. Prior to version 0.1.1 of Authen::TOTP, there were security vulnerabilities related to the use of the Perl built-in rand function for generating secrets. This function is predictable...

7.5CVSS5.8AI score0.00416EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 3:9 p.m.4 views

GHSA-X3R2-FJ3R-G5MV sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/12 3:9 p.m.18 views

EUVD-2026-29476

sealed-env: TOTP secret embedded in unseal token payload enterprise mode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/12 3:9 p.m.12 views

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2026/05/12 2:17 p.m.48 views

CVE-2026-45091

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS0.00326EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 1:20 p.m.61 views

CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS0.00326EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:20 p.m.13 views

CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:20 p.m.6 views

CVE-2026-45091

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/12 1:20 p.m.14 views

CVE-2026-45091

CVE-2026-45091 affects sealed-env in enterprise mode prior to 0.1.0-alpha.4. In versions 0.1.0-alpha.1 to alpha.3, the operator’s literal TOTP secret was embedded in the JWS payload of every minted unseal token. The JWS payload is base64-encoded JSON, not encrypted, allowing anyone who can observ...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40032

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/05 12:28 p.m.41 views

CVE-2026-28510 elabftw allows MFA bypass during login

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS0.00254EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 12:28 p.m.20 views

CVE-2026-28510

Vulnerability summary (CVE-2026-28510): elabftw versions up to 5.4.1 fail to reliably preserve MFA state during login, allowing an attacker with valid primary credentials to complete authentication using an attacker-controlled TOTP secret and bypass the additional factor. This can lead to unautho...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37035

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.4.2 Description The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentia...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References6
CVE
CVE
added 2026/01/09 4:14 p.m.19 views

CVE-2025-69425

The CVE-2025-69425 entry affects Ruckus vRIoT IoT Controller firmware before 3.0.0.0 (GA). A command execution service on TCP port 2004 runs with root privileges, authenticated by a hardcoded TOTP secret and an embedded static token. Exploitation requires credential extraction from the appliance ...

10CVSS7.7AI score0.00701EPSS
Exploits0References2
Rows per page
Query Builder