
2546 matches found

Positive Technologies
added 2026/03/06 12:0 a.m., 7 views

PT-2026-23737

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 7.10.8; Rocket.Chat versions prior to 7.11.5; Rocket.Chat versions prior to 7.12.5; Rocket.Chat versions prior to 7.13.4; Rocket.Chat versions prior to 8.0.2; Rocket.Chat versions prior to 8.1.1; Rocket.Chat versions...

9.8 CVSS, 5.8 AI score, 0.00333 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/03/06 12:0 a.m., 6 views

OneUptime security vulnerability

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime 10.0.11 and earlier contain security vulnerabilities. These vulnerabilities stem from the WebAuthn authentication implementation, which does not...

9 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/03/06 12:0 a.m., 18 views

Rocket.Chat security vulnerability

Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from authentication issues within the DDP Streamer service, where two-factor...

9.8 CVSS, 5.8 AI score, 0.00333 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2026/03/05 9:14 p.m., 7 views

EC-CUBE has a Vulnerability that Allows MFA Bypass in the Administrative Interface

Vulnerability Allowing MFA Bypass. Affected EC-CUBE Versions: 4.1.0 – 4.3.1. Vulnerability Overview: If an administrator’s ID and password are compromised, an issue exists that allows an attacker to bypass the normally required two-factor authentication (2FA) and log in to the administrative...

6.1 AI score
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/03/05 9:14 p.m., 7 views

Incorrect Authorization

Overview: ec-cube/ec-cube is an e-commerce solution. Affected versions of this package are vulnerable to Incorrect Authorization in the admintwofactorauthset process. An attacker can gain unauthorized access to the administrative interface and perform actions such as viewing sensitive information ...

8.6 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/03/05 9:14 p.m., 4 views

GHSA-7RHV-H82H-VPJH EC-CUBE has a Vulnerability that Allows MFA Bypass in the Administrative Interface

Vulnerability Allowing MFA Bypass. Affected EC-CUBE Versions: 4.1.0 – 4.3.1. Vulnerability Overview: If an administrator’s ID and password are compromised, an issue exists that allows an attacker to bypass the normally required two-factor authentication (2FA) and log in to the administrative...

6.7 CVSS, 6.1 AI score
Exploits: 0, References: 3
OSV
added 2026/03/05 8:16 p.m., 4 views

CVE-2026-21621

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a...

7 CVSS, 5.9 AI score, 0.00323 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/05 7:20 p.m., 3 views

CVE-2026-21621

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a...

7 CVSS, 6 AI score, 0.00323 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/03/05 7:20 p.m., 10 views

CVE-2026-21621 Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a...

7 CVSS, 5.8 AI score, 0.00323 EPSS
Exploits: 0, References: 4
CVE
added 2026/03/05 7:20 p.m., 11 views

CVE-2026-21621

CVE-2026-21621 affects the Hex.pm application (hexpm/hexpm). The vulnerability arises from the OAuth client_credentials flow in Elixir.HexpmWeb.API.OAuthController (validate_scopes_against_key/2), where a read-only API key (domain: api, resource: read) loses its scope and is issued a broad api sc...

7 CVSS, 6 AI score, 0.00323 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/03/05 7:20 p.m., 6 views

EUVD-2026-9849

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a...

7 CVSS, 6 AI score, 0.00323 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/05 7:20 p.m., 6 views

EEF-CVE-2026-21621 Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a...

7 CVSS, 6 AI score, 0.00323 EPSS
Exploits: 0, References: 3
HackRead
added 2026/03/05 12:53 p.m., 8 views

Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations...

5.9 AI score
Exploits: 0
SUSE CVE
added 2026/03/05 6:55 a.m., 3 views

SUSE CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim's username and password, they can use any unused recovery code (e.g., from their own account) to...

8.8 CVSS, 5.8 AI score, 0.00424 EPSS
Exploits: 0, References: 3
The Hacker News
added 2026/03/05 6:51 a.m., 9 views

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit,...

6 AI score
Exploits: 0
NVD
added 2026/03/05 6:16 a.m., 15 views

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

6.9 CVSS, 0.00339 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/05 5:31 a.m., 3 views

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

6.9 CVSS, 5.9 AI score, 0.00339 EPSS
Exploits: 0, References: 3, Affected Software: 3
Japan Vulnerability Notes
added 2026/03/05 3:36 a.m., 8 views

EC-CUBE vulnerable to multi-factor authentication bypass

Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel (CWE-288) - CVE-2026-30777. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...

6.9 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2026/03/05 12:0 a.m., 6 views

PT-2026-23497

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a...

7 CVSS, 6 AI score, 0.00323 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/03/05 12:0 a.m., 10 views

PT-2026-23136

Name of the Vulnerable Software and Affected Versions: EC-CUBE (affected versions not specified). Description: The software contains a multi-factor authentication (MFA) bypass. An attacker with a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized...

6.9 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 0, References: 5