
2551 matches found

CNNVD
added 2026/01/22 12:0 a.m. | 8 views

Horilla authorization issue vulnerability

Horilla is a free open-source human resources software developed by Horilla Company. Version 1.4.0 of Horilla contains an authorization vulnerability. This vulnerability stems from defects in the equality checks within the OTP processing logic, which could lead to a complete bypass of two-factor...

CVSS 8.1 | AI score 5.8 | EPSS 0.00443
Exploits: 1 | References: 2
The Hacker News
added 2026/01/21 3:42 p.m. | 8 views

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting...

CVSS 9.9 | AI score 7 | EPSS 0.12965
Exploits: 0
Tenable Nessus
added 2026/01/21 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-11984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowe...

CVSS 6.8 | AI score 5.7 | EPSS 0.00274
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/21 12:0 a.m. | 12 views

PT-2026-3854

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.1 through 18.6.4; GitLab CE/EE versions 18.7 through 18.7.2; GitLab CE/EE versions 18.8 through 18.8.2. Description: GitLab CE/EE is affected by an issue that could allow an authenticated user to create a denial of service...

CVSS 6.5 | AI score 6.1 | EPSS 0.00521
Exploits: 0 | References: 13
Positive Technologies
added 2026/01/21 12:0 a.m. | 5 views

PT-2026-3860

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.3 through 18.6.3; GitLab CE/EE versions 18.7 through 18.7.1; GitLab CE/EE versions 18.8 through 18.8.1. Description: An issue in GitLab CE/EE could allow an unauthenticated user to create a denial of service condition by...

CVSS 5.3 | AI score 6.1 | EPSS 0.00538
Exploits: 0 | References: 11
Virtuozzo
added 2026/01/20 12:0 a.m. | 12 views

Virtuozzo Hybrid Infrastructure 7.2 (7.2.0-246)

In this release, Virtuozzo Hybrid Infrastructure introduces support for two-factor authentication (2FA) for system administrators and self-service users, along with several other new features and improvements. Additionally, this release delivers stability fixes and addresses issues found in previou...

AI score 5.6
Exploits: 0
GithubExploit
added 2026/01/17 2:59 a.m. | 219 views

Exploit for CVE-2025-8489

100-days-challenge-day-21--WP scan WP Scan helped identify co...

CVSS 10 | AI score 8.8 | EPSS 0.20631
Exploits: 10
RedhatCVE
added 2026/01/13 10:52 p.m. | 5 views

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | AI score 6.7 | EPSS 0.00367
Exploits: 0 | References: 1
OSV
added 2026/01/13 8:40 a.m. | 4 views

BIT-GHOST-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | AI score 6.7 | EPSS 0.00367
Exploits: 0 | References: 4
Snyk
added 2026/01/10 3:44 a.m. | 3 views

Missing Critical Step in Authentication

Overview: ghost is a publishing platform. Affected versions of this package are vulnerable to Missing Critical Step in Authentication via the 2FA authentication. An attacker can gain unauthorized access to staff accounts by bypassing the email-based two-factor authentication step. Remediation: Upgra...

CVSS 8.6 | AI score 7.1 | EPSS 0.00367
Exploits: 0 | References: 2
NVD
added 2026/01/10 3:15 a.m. | 7 views

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | EPSS 0.00367
Exploits: 0 | References: 3
OSV
added 2026/01/10 2:56 a.m. | 9 views

CVE-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | AI score 6.4 | EPSS 0.00367
Exploits: 0 | References: 5
EUVD
added 2026/01/10 2:56 a.m. | 5 views

EUVD-2026-1459

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | AI score 6.2 | EPSS 0.00367
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/10 2:56 a.m. | 2 views

CVE-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | AI score 6.4 | EPSS 0.00367
Exploits: 0 | References: 3
CVE
added 2026/01/10 2:56 a.m. | 16 views

CVE-2026-22594

Summary: CVE-2026-22594 affects Ghost (Node.js CMS). Vulnerable are Ghost v5.105.0–5.130.5 and v6.0.0–6.10.3, where a flaw in the 2FA mechanism allows staff users to bypass email-based 2FA. The issue has been patched in v5.130.6 and v6.11.0. Impact nodes: bypass of email 2FA for staff; no details...

CVSS 8.1 | AI score 6.4 | EPSS 0.00367
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/01/10 2:56 a.m. | 31 views

CVE-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

CVSS 8.1 | EPSS 0.00367
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/10 12:0 a.m. | 4 views

PT-2026-2216

Name of the Vulnerable Software and Affected Versions: Ghost versions 5.105.0 through 5.130.5; Ghost versions 6.0.0 through 6.10.3. Description: Ghost is a Node.js content management system. A flaw in Ghost’s 2FA mechanism permits staff users to bypass email 2FA. The issue affects the two-factor...

CVSS 8.1 | AI score 6.6 | EPSS 0.00367
Exploits: 0 | References: 11
CNNVD
added 2026/01/10 12:0 a.m. | 5 views

Ghost authorization issue vulnerability

Ghost is a hosting service of Ghost Open Source. An authorization issue vulnerability exists in Ghost versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in Ghost's two-factor authentication mechanism that could cause a staff user to skip two-factor authentication f...

CVSS 8.1 | AI score 6.5 | EPSS 0.00367
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 12:41 p.m. | 9 views

CVE-2023-25267

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 fixed in 10.0.0. There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI...

CVSS 8.8 | AI score 6.8 | EPSS 0.01047
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 12:40 p.m. | 6 views

CVE-2023-43320

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component...

CVSS 8.8 | AI score 7.4 | EPSS 0.0099
Exploits: 3 | References: 1