2548 matches found
Gogs 安全漏洞
Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have security vulnerabilities. Thes...
CVE-2026-25483
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...
CVE-2025-11173
CVE-2025-11173 affects Wikimedia Foundation OATHAuth via the file src/Special/OATHManage.Php. The issue impacts OATHAuth versions before 1.39.14, 1.43.4, and 1.44.1. Debian advisories (DSA-6085-1) indicate fixes are available: oldstable (bookworm) upgrades to 1:1.39.17-1~deb12u1, stable (trixie) ...
CVE-2025-11173 Reauth for enabling 2FA can be bypassed by submitting a form
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-11173 Reauth for enabling 2FA can be bypassed by submitting a form
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from before 1.39.14, 1.43.4, 1.44.1...
Linux Distros Unpatched Vulnerability : CVE-2026-0723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowe...
CVE-2025-59090
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
BIT-GITLAB-2026-0723 Unchecked Return Value in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...
BIT-MOODLE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
BIT-MOODLE-2025-3627 Moodle: partial data exposure in moodle before completing multi-factor authentication
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication 2FA...
BIT-MOODLE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...
CVE-2025-59090
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
CVE-2025-59090
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
CVE-2025-59090
CVE-2025-59090 affects dormakaba exos 9300 systems where an unauthenticated SOAP API is exposed on port 8002. The API is reachable without credentials, enabling an attacker with network access to create arbitrary access log events and query 2FA PINs linked to enrolled chip cards. CVSS metrics in ...
PT-2026-4740
Name of the Vulnerable Software and Affected Versions exos 9300 server affected versions not specified Description A SOAP API is reachable on port 8002 on the exos 9300 server without requiring authentication. Network access to the server allows for actions such as creating arbitrary access log...
Dormakaba Exos 9300 security vulnerabilities
The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability. This vulnerability stems from the SOAP API, which requires no authentication, potentially allowing the creation of arbitra...
CVE-2026-0723
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...
CVE-2026-24038
Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
CVE-2024-10924 / Auth Bypass 2FA to RCE Exploit - Author: J...