Lucene search
K

2549 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.5 views

CVE-2021-31901

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group...

7.5CVSS7.2AI score0.00864EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:11 a.m.4 views

CVE-2016-10831

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account SEC-101...

7.2CVSS7.2AI score0.01393EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:11 a.m.12 views

CVE-2016-10826

cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests SEC-93...

8.8CVSS7AI score0.01308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.8 views

CVE-2022-35248

A improper authentication vulnerability exists in Rocket.Chat...

8.8CVSS9AI score0.01216EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:5 a.m.7 views

CVE-2019-20877

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled...

5.3CVSS6.3AI score0.0092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.7 views

CVE-2020-10079

GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required...

5.3CVSS6.8AI score0.0086EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.7 views

CVE-2020-24655

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...

5.1CVSS6.9AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.8 views

CVE-2025-23168

The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...

8.8CVSS7.4AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.8 views

CVE-2023-40060

A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...

7.2CVSS6.8AI score0.00872EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.8 views

CVE-2021-41129

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmationtoken input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can...

8.1CVSS6.9AI score0.01696EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.11 views

CVE-2024-41978

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...

7.1CVSS6.2AI score0.00488EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/08 9:29 p.m.12 views

Ghost has Staff 2FA bypass

Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and v6.11.0 contain a fix for this issue. References Ghost thanks Sho Odagiri of G...

8.1CVSS6.9AI score0.00367EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/08 9:29 p.m.4 views

GHSA-5FP7-G646-CCF4 Ghost has Staff 2FA bypass

Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and v6.11.0 contain a fix for this issue. References Ghost thanks Sho Odagiri of G...

8.1CVSS6.7AI score0.00367EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/01/07 9:42 a.m.11 views

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.6 views

CVE-2019-16917

WiKID Enterprise 2FA two factor authentication Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function...

8.8CVSS7.7AI score0.02143EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.6 views

CVE-2019-12363

An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa=deactivate or usercp.php?action=mybb2fa=activate. A deactivate operation lowers the security ...

8.8CVSS7AI score0.00618EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.6 views

CVE-2025-69197

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...

6.5CVSS6.7AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:10 a.m.12 views

CVE-2019-16766

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0...

8.8CVSS6.8AI score0.01162EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/06 5:20 p.m.9 views

Pterodactyl TOTPs can be reused during validity window

Summary When a user signs into an account with 2FA enabled they are prompted to enter a token. When that token is used, it is not sufficiently marked as used in the system allowing an attacker that intercepts that token to then use it in addition to a known username/password during the token...

6.5CVSS6.9AI score0.00321EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/06 5:20 p.m.5 views

GHSA-RGMP-4873-R683 Pterodactyl TOTPs can be reused during validity window

Summary When a user signs into an account with 2FA enabled they are prompted to enter a token. When that token is used, it is not sufficiently marked as used in the system allowing an attacker that intercepts that token to then use it in addition to a known username/password during the token...

6.5CVSS6.8AI score0.00321EPSS
Exploits0References5
Rows per page
Query Builder