Lucene search
K

2547 matches found

UbuntuCve
UbuntuCve
added 2026/01/22 3:16 p.m.2 views

CVE-2026-0723

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS6.1AI score0.00832EPSS
Exploits0References4
OSV
OSV
added 2026/01/22 3:16 p.m.4 views

UBUNTU-CVE-2026-0723

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS5.8AI score0.00832EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/22 1:34 p.m.23 views

CVE-2026-0723 Unchecked Return Value in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS0.00832EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 1:34 p.m.6 views

CVE-2026-0723

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS5.7AI score0.00832EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 1:34 p.m.3 views

CVE-2026-0723 Unchecked Return Value in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS5.5AI score0.00832EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 1:34 p.m.32 views

CVE-2026-0723

GitLab CVE-2026-0723 affects GitLab CE/EE versions 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2. The issue allowed an attacker with knowledge of a victim’s credential ID to bypass two-factor authentication by submitting forged device responses. CVSSv3.1 base metrics: AV:N/AC:H/P...

7.4CVSS5.9AI score0.00832EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/01/22 1:34 p.m.10 views

CVE-2026-0723

Removed by vendor...

7.4CVSS6AI score0.00832EPSS
Exploits0
OSV
OSV
added 2026/01/22 1:34 p.m.3 views

CVE-2026-0723 Unchecked Return Value in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS5.6AI score0.00832EPSS
Exploits0References6
NVD
NVD
added 2026/01/22 4:15 a.m.7 views

CVE-2026-24038

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS0.00443EPSS
Exploits1References2
CVE
CVE
added 2026/01/22 3:39 a.m.22 views

CVE-2026-24038

Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 3:39 a.m.5 views

CVE-2026-24038

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.3AI score0.00443EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/22 3:39 a.m.18 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS0.00443EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/22 3:39 a.m.4 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/22 3:39 a.m.4 views

EUVD-2026-4219

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 3:39 a.m.4 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.11 views

PT-2026-3914

Name of the Vulnerable Software and Affected Versions Horilla version 1.4.0 Description Horilla, a Human Resource Management System HRMS, contains a flaw in its two-factor authentication implementation. Specifically, the OTP handling logic has a flawed equality check. When an OTP expires, the...

8.1CVSS5.9AI score0.00443EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

Horilla authorization issue vulnerability

Horilla is a free open-source human resources software developed by Horilla Company. Version 1.4.0 of Horilla contains an authorization vulnerability. This vulnerability stems from defects in the equality checks within the OTP processing logic, which could lead to a complete bypass of two-factor...

8.1CVSS5.8AI score0.00443EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/01/21 3:42 p.m.8 views

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service DoS and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers MMRs that could permit a meeting...

9.9CVSS7AI score0.12965EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.12 views

PT-2026-3854

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.1 through 18.6.4 GitLab CE/EE versions 18.7 through 18.7.2 GitLab CE/EE versions 18.8 through 18.8.2 Description GitLab CE/EE is affected by an issue that could allow an authenticated user to create a denial of service...

6.5CVSS6.1AI score0.00521EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.5 views

PT-2026-3860

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.3 through 18.6.3 GitLab CE/EE versions 18.7 through 18.7.1 GitLab CE/EE versions 18.8 through 18.8.1 Description An issue in GitLab CE/EE could allow an unauthenticated user to create a denial of service condition by...

5.3CVSS6.1AI score0.00538EPSS
Exploits0References11
Rows per page
Query Builder