Insufficient Session Expiration
Overview: pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Insufficient Session Expiration via the authentication process. An attacker can gain unauthorized access by reusing a valid TOTP token within its validity window after intercepting it. Note:...
CVE-2025-69197
Pterodactyl Panel (versions
CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...
CVE-2025-56333
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...
EUVD-2025-205620
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...
pangolin security vulnerability
pangolin is agent software from the open-source Pangolin project. A security vulnerability exists in pangolin 1.6.2 and earlier versions, stemming from a problem in the 2FA component that could lead to elevation of privilege...
PT-2025-53744
Name of the Vulnerable Software and Affected Versions: Fossorial fosrl/pangolin versions prior to 1.6.3. Description: An issue allows a remote attacker to escalate privileges through the two-factor authentication (2FA) component. Recommendations: Update to a version prior to 1.6.3...
CVE-2025-56333
Fossorial fosrl/pangolin prior to v1.6.3 is affected by a privilege-escalation flaw in the 2FA component. The vulnerability (CVE-2025-56333) enables a remote attacker to escalate privileges, with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8. Affected product is pangolin (Fossori...
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a us...
Malicious code in u2f_client (RubyGems)
CVE-2025-54745
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1...
BIT-GITLAB-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...
CVE-2025-11984
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...