Lucene search
K

2550 matches found

Spring Security Advisories
Spring Security Advisories
added 2026/02/24 12:0 a.m.7 views

This Week in Spring - February 24th, 2026

Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...

5.5AI score
Exploits0
NCSC
NCSC
added 2026/02/23 2:27 p.m.45 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

6.8CVSS8.4AI score0.05145EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/23 7:26 a.m.6 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS5.6AI score0.00435EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/21 6:51 a.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References2
NVD
NVD
added 2026/02/21 5:17 a.m.9 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/21 4:35 a.m.2 views

CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS5.6AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/21 4:35 a.m.24 views

CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/21 4:35 a.m.10 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/21 4:35 a.m.26 views

CVE-2026-27197

Affected product: Sentry (self-hosted) versions 21.12.0–26.1.0. Vulnerability: Critical flaw in the SAML SSO implementation that can allow an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Conditions: Self-h...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/21 4:35 a.m.7 views

CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.12 views

CVE-2025-14427

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.5 views

CVE-2025-13587

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

6.5CVSS5.5AI score0.00361EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/19 8:47 a.m.9 views

WordPress Two Factor (2FA) Authentication via Email plugin <= 1.9.8 - Two-Factor Authentication Bypass via token vulnerability

Two-Factor Authentication Bypass via token vulnerability discovered by Ulyses Saicha in WordPress Plugin Two Factor 2FA Authentication via Email versions = 1.9.8...

6.5CVSS5.5AI score0.00361EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/19 7:17 a.m.4 views

CVE-2025-14427

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS0.00198EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-13587

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

6.5CVSS0.00361EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.30 views

CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS0.00198EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 4:36 a.m.16 views

CVE-2025-13587

CVE-2025-13587 affects the WordPress plugin “Two Factor (2FA) Authentication via Email” up to version 1.9.8. The root cause is that SS88_2FAVE::wp_login() only enforces 2FA when the 'token' parameter is undefined; providing any value (including empty) for token during login bypasses 2FA. The acco...

6.5CVSS5.5AI score0.00361EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.28 views

CVE-2025-13587 Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

6.5CVSS0.00361EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2025-13587 Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

6.5CVSS5.5AI score0.00361EPSS
Exploits0References3
Rows per page
Query Builder