2547 matches found

Positive Technologies
added 2026/02/19 12:0 a.m. | 10 views

PT-2026-20617

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

CVSS 4.3 | AI score 5.5 | EPSS 0.00198
Exploits: 0 | References: 2

OSV
added 2026/02/18 6:24 p.m. | 5 views

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVSS 4.9 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 1

Cvelist
added 2026/02/18 4:45 p.m. | 21 views

CVE-2026-20138 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVSS 6.8 | EPSS 0.0031
Exploits: 0 | References: 1

OSV
added 2026/02/17 6:9 p.m. | 4 views

GO-2026-4449 Gogs Vulnerable to 2FA Bypass via Recovery Code in gogs.io/gogs

Gogs Vulnerable to 2FA Bypass via Recovery Code in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...

CVSS 8.8 | AI score 5.6 | EPSS 0.00424
Exploits: 0 | References: 4

The Hacker News
added 2026/02/13 11:25 a.m. | 9 views

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta...

AI score 6
Exploits: 0

Tenable Nessus
added 2026/02/12 12:0 a.m. | 7 views

GitLab 13.1 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-11984)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAut...

CVSS 6.8 | AI score 5.7 | EPSS 0.00274
Exploits: 0 | References: 5

Tenable Nessus
added 2026/02/12 12:0 a.m. | 12 views

GitLab 18.6 < 18.6.4 / 18.7 < 18.7.2 / 18.8 < 18.8.2 (CVE-2026-0723)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge ...

CVSS 7.4 | AI score 5.7 | EPSS 0.00832
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/07 7:30 p.m. | 5 views

CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 8.8 | AI score 5.4 | EPSS 0.00424
Exploits: 0 | References: 1

NVD
added 2026/02/06 6:15 p.m. | 7 views

CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 8.8 | EPSS 0.00424
Exploits: 0 | References: 1

OSV
added 2026/02/06 5:54 p.m. | 4 views

GHSA-P6X6-9MX6-26WJ Gogs Vulnerable to 2FA Bypass via Recovery Code

Contact OpenAI Security Research at [email protected] to engage on this report. See PDF report for easier reading. Security Advisory: 2FA Bypass via Recovery Code Vulnerability Type: 2FA Authentication Bypass Affected Software: GOGS Severity: High Date: Aug 5, 2025 Discoverer: OpenAI...

CVSS 7.7 | AI score 5.8 | EPSS 0.00424
Exploits: 0 | References: 5

Github Security Blog
added 2026/02/06 5:54 p.m. | 132 views

Gogs Vulnerable to 2FA Bypass via Recovery Code

Contact OpenAI Security Research at [email protected] to engage on this report. See PDF report for easier reading. Security Advisory: 2FA Bypass via Recovery Code Vulnerability Type: 2FA Authentication Bypass Affected Software: GOGS Severity: High Date: Aug 5, 2025 Discoverer: OpenAI...

CVSS 8.8 | AI score 5.8 | EPSS 0.00424
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/02/06 5:41 p.m. | 25 views

CVE-2025-64175 Gogs Vulnerable to 2FA Bypass via Recovery Code

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 7.7 | EPSS 0.00424
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/06 5:41 p.m. | 4 views

CVE-2025-64175 Gogs Vulnerable to 2FA Bypass via Recovery Code

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 7.7 | AI score 5.5 | EPSS 0.00424
Exploits: 0 | References: 1

EUVD
added 2026/02/06 5:41 p.m. | 5 views

EUVD-2025-206882

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 7.7 | AI score 5.5 | EPSS 0.00424
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/06 5:41 p.m. | 4 views

CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 7.7 | AI score 5.5 | EPSS 0.00424
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/06 5:41 p.m. | 11 views

CVE-2025-64175

Gogs 2FA bypass CVE-2025-64175 affects version 0.13.3 and earlier. Root cause: the UseRecoveryCode check does not scope recovery codes by user, performing a global lookup for any unused code and ignoring the authenticating user’s ID. Exploitation requires victim credentials, after which an attack...

CVSS 8.8 | AI score 5.5 | EPSS 0.00424
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/02/06 5:41 p.m. | 8 views

CVE-2025-64175 Gogs Vulnerable to 2FA Bypass via Recovery Code

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 7.7 | AI score 5.5 | EPSS 0.00424
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6864

Contact OpenAI Security Research at [email protected] to engage on this report. See PDF report for easier reading. Security Advisory: 2FA Bypass via Recovery Code Vulnerability Type: 2FA Authentication Bypass Affected Software: GOGS Severity: High Date: Aug 5, 2025 Discoverer: OpenAI...

CVSS 7.7 | AI score 5.8 | EPSS 0.00424
Exploits: 0 | References: 6

CNNVD
added 2026/02/06 12:0 a.m. | 7 views

Gogs Security Vulnerability

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have security vulnerabilities. Thes...

CVSS 8.8 | AI score 6.1 | EPSS 0.00424
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6751

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.4; Gogs versions 0.14.0+dev. Description: Gogs, an open source self-hosted Git service, has a flaw in its Two-Factor Authentication (2FA) recovery code validation process. The validation does not verify that the recovery...

CVSS 9.9 | AI score 5.5 | EPSS 0.27661
Exploits: 45 | References: 122