2548 matches found

CNNVD
added 2026/02/06 12:0 a.m., 7 views

Gogs security vulnerability

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have security vulnerabilities. Thes...

CVSS 8.8, AI score 6.1, EPSS 0.00424
Exploits: 0, References: 1
NVD
added 2026/02/03 7:16 p.m., 21 views

CVE-2026-25483

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...

CVSS 6.2, EPSS 0.003
Exploits: 1, References: 4
CVE
added 2026/02/03 12:27 a.m., 20 views

CVE-2025-11173

CVE-2025-11173 affects Wikimedia Foundation OATHAuth via the file src/Special/OATHManage.Php. The issue impacts OATHAuth versions before 1.39.14, 1.43.4, and 1.44.1. Debian advisories (DSA-6085-1) indicate fixes are available: oldstable (bookworm) upgrades to 1:1.39.17-1~deb12u1, stable (trixie) ...

AI score 5.3, EPSS 0.00356
Exploits: 0, References: 2
Vulnrichment
added 2026/02/03 12:27 a.m., 5 views

CVE-2025-11173 Reauth for enabling 2FA can be bypassed by submitting a form

Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...

AI score 5.3, EPSS 0.00356
Exploits: 0, References: 2
Cvelist
added 2026/02/03 12:27 a.m., 33 views

CVE-2025-11173 Reauth for enabling 2FA can be bypassed by submitting a form

Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...

EPSS 0.00356
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/31 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-0723

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowe...

CVSS 7.4, AI score 5.9, EPSS 0.00832
Exploits: 0, References: 2
RedhatCVE
added 2026/01/27 3:23 p.m., 4 views

CVE-2025-59090

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

CVSS 9.3, AI score 6, EPSS 0.01039
Exploits: 0, References: 1
OSV
added 2026/01/27 9:13 a.m., 7 views

BIT-GITLAB-2026-0723 Unchecked Return Value in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

CVSS 7.4, AI score 5.9, EPSS 0.00832
Exploits: 0, References: 4
OSV
added 2026/01/26 2:49 p.m., 3 views

BIT-MOODLE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

CVSS 4.3, AI score 5.9, EPSS 0.00219
Exploits: 0, References: 3
OSV
added 2026/01/26 2:49 p.m., 4 views

BIT-MOODLE-2025-3627 Moodle: partial data exposure in moodle before completing multi-factor authentication

A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA)...

CVSS 4.3, AI score 5.9, EPSS 0.0029
Exploits: 0, References: 3
OSV
added 2026/01/26 2:49 p.m., 4 views

BIT-MOODLE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)...

CVSS 7.1, AI score 5.9, EPSS 0.00356
Exploits: 0, References: 3
NVD
added 2026/01/26 10:16 a.m., 11 views

CVE-2025-59090

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

CVSS 9.3, EPSS 0.01039
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/26 10:3 a.m., 2 views

CVE-2025-59090

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

CVSS 9.3, AI score 6, EPSS 0.01039
Exploits: 0, References: 4
Vulnrichment
added 2026/01/26 10:3 a.m., 3 views

CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

CVSS 9.3, AI score 6, EPSS 0.01039
Exploits: 0, References: 3
CVE
added 2026/01/26 10:3 a.m., 17 views

CVE-2025-59090

CVE-2025-59090 affects dormakaba exos 9300 systems where an unauthenticated SOAP API is exposed on port 8002. The API is reachable without credentials, enabling an attacker with network access to create arbitrary access log events and query 2FA PINs linked to enrolled chip cards. CVSS metrics in ...

CVSS 9.3, AI score 6, EPSS 0.01039
Exploits: 0, References: 3
Positive Technologies
added 2026/01/26 12:0 a.m., 7 views

PT-2026-4740

Name of the Vulnerable Software and Affected Versions: exos 9300 server (affected versions not specified). Description: A SOAP API is reachable on port 8002 on the exos 9300 server without requiring authentication. Network access to the server allows for actions such as creating arbitrary access log...

CVSS 9.3, AI score 6, EPSS 0.01039
Exploits: 0, References: 8
CNNVD
added 2026/01/26 12:0 a.m., 6 views

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability. This vulnerability stems from the SOAP API, which requires no authentication, potentially allowing the creation of arbitra...

CVSS 9.3, AI score 7.4, EPSS 0.01039
Exploits: 0, References: 4
RedhatCVE
added 2026/01/23 3:21 p.m., 4 views

CVE-2026-0723

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

CVSS 7.4, AI score 5.9, EPSS 0.00832
Exploits: 0, References: 1
RedhatCVE
added 2026/01/23 6:19 a.m., 4 views

CVE-2026-24038

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

CVSS 8.1, AI score 5.5, EPSS 0.00443
Exploits: 1, References: 1
GithubExploit
added 2026/01/22 8:1 p.m., 191 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

CVE-2024-10924 / Auth Bypass 2FA to RCE Exploit - Author: J...

CVSS 9.8, AI score 5.9, EPSS 0.81722
Exploits: 21