Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.7 views

CVE-2020-24655

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...

5.1CVSS6.9AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.4 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS6.5AI score0.01477EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17370

Malware in sbrugna...

5.1CVSS5.5AI score0.00225EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/08/07 12:0 a.m.6 views

The vulnerability of the final point of the application software interface of a two-factor authentication system based on generating security tokens with Twilio Authy allows a perpetrator to disclose sensitive information.

The vulnerability of the final point of the application software interface for two-factor authentication based on token generation by Twilio Authy is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow a malicious actor to disclose the...

5.3CVSS5.8AI score0.01477EPSS
Exploits0References7Affected Software1
The Hacker News
The Hacker News
added 2024/07/24 5:56 a.m.35 views

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 CVSS score: 9.3 - Microsoft Internet Explorer Use-After-Fr...

9.3CVSS7.9AI score0.78823EPSS
Exploits12
CISA
CISA
added 2024/07/23 12:0 p.m.18 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities a...

9.3CVSS7.1AI score0.78823EPSS
In wildExploits12References7
HackRead
HackRead
added 2024/07/04 1:6 p.m.34 views

ShinyHunters Leak 33M Twilio Authy Phone Numbers, Neiman Marcus and Truist Bank Data

ShinyHunters hackers have taken responsibility for three high-profile data breaches involving Neiman Marcus, Truist Bank, and Twilio Authy,…...

7.4AI score
Exploits0
NVD
NVD
added 2024/07/02 6:15 p.m.47 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS0.01477EPSS
Exploits0References5
OSV
OSV
added 2024/07/02 6:15 p.m.6 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS5.8AI score0.01477EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2024/07/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-39891

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...

5.3CVSS5.8AI score0.01477EPSS
Exploits0References1
CVE
CVE
added 2024/07/02 12:0 a.m.245 views

CVE-2024-39891

CVE-2024-39891 describes a information-disclosure bug in the Twilio Authy API: an unauthenticated endpoint accepts a stream of phone numbers and returns whether each is registered with Authy. Affected software is Twilio Authy on Android before 25.1.0 and iOS before 26.1.0. The vulnerability was e...

5.3CVSS5AI score0.01477EPSS
In wildExploits0References5Affected Software2
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.3 views

Twilio Authy API Security Vulnerability

Twilio Authy API is an authorization interface from Twilio, Inc. It is used to build two-factor authentication, passwordless login and secure authorization for developers. A security vulnerability exists in Twilio Authy API for Android versions prior to 25.1.0, Twilio Authy API for iOS versions...

5.3CVSS6.8AI score0.01477EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/02 12:0 a.m.33 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS0.01477EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/07/02 12:0 a.m.22 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS6.5AI score0.01477EPSS
In wildExploits0References5
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.9 views

PT-2024-5376 · Twilio · Twilio Authy Android +2

Name of the Vulnerable Software and Affected Versions: Twilio Authy Android versions prior to 25.1.0 Twilio Authy iOS versions prior to 26.1.0 Description: The issue concerns an unauthenticated endpoint in the Twilio Authy API that provided access to certain phone-number data. This endpoint...

5.3CVSS6.4AI score0.01477EPSS
Exploits0References12
OSV
OSV
added 2020/09/10 2:15 a.m.3 views

CVE-2020-24655

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...

5.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2020/09/10 2:15 a.m.16 views

CVE-2020-24655

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...

5.1CVSS0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/10 1:32 a.m.13 views

CVE-2020-24655

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...

5.2AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2020/09/10 1:32 a.m.39 views

CVE-2020-24655

The CVE-2020-24655 entry concerns the Twilio Authy 2-Factor Authentication Android app, affected only for versions prior to 24.3.7. A race condition could allow a user to approve or deny an access request before unlocking the app with a PIN on older Android devices, effectively bypassing the PIN ...

5.1CVSS5.1AI score0.00225EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder