
2549 matches found

Snyk
added 2026/01/06 1:53 a.m. | 4 views

Insufficient Session Expiration

Overview: pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Insufficient Session Expiration via the authentication process. An attacker can gain unauthorized access by reusing a valid TOTP token within its validity window after intercepting it. Note:...

CVSS 6.5 | AI score 6.9 | EPSS 0.00321
Exploits 0 | References 2
CVE
added 2026/01/06 12:44 a.m. | 13 views

CVE-2025-69197

Pterodactyl Panel (versions

CVSS 6.5 | AI score 6.4 | EPSS 0.00321
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2026/01/06 12:44 a.m. | 3 views

CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...

CVSS 6.5 | AI score 6.4 | EPSS 0.00321
Exploits 0 | References 3
Cvelist
added 2026/01/06 12:44 a.m. | 29 views

CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...

CVSS 6.5 | EPSS 0.00321
Exploits 0 | References 3
OSV
added 2026/01/06 12:44 a.m. | 6 views

CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...

CVSS 6.5 | AI score 6.7 | EPSS 0.00321
Exploits 0 | References 5
RedhatCVE
added 2025/12/30 1:2 a.m. | 9 views

CVE-2025-56333

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...

CVSS 9.8 | AI score 7.4 | EPSS 0.00423
Exploits 1 | References 1
EUVD
added 2025/12/29 6:30 p.m. | 2 views

EUVD-2025-205620

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...

AI score 6.8 | EPSS 0.00423
Exploits 1 | References 3
NVD
added 2025/12/29 4:15 p.m. | 5 views

CVE-2025-56333

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...

CVSS 9.8 | EPSS 0.00423
Exploits 1 | References 2
OSV
added 2025/12/29 4:15 p.m. | 3 views

CVE-2025-56333

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 2
Vulnrichment
added 2025/12/29 12:0 a.m. | 2 views

CVE-2025-56333

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...

AI score 6.9 | EPSS 0.00423
Exploits 1 | References 2
Cvelist
added 2025/12/29 12:0 a.m. | 19 views

CVE-2025-56333

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component...

EPSS 0.00423
Exploits 1 | References 2
CNNVD
added 2025/12/29 12:0 a.m. | 5 views

pangolin security vulnerability

pangolin is an agent software from the Pangolin open source. A security vulnerability exists in pangolin 1.6.2 and earlier versions, which stems from a problem with the 2FA component that could lead to elevation of privilege...

CVSS 9.8 | AI score 5.8 | EPSS 0.00423
Exploits 1 | References 2
Positive Technologies
added 2025/12/29 12:0 a.m. | 4 views

PT-2025-53744

Name of the Vulnerable Software and Affected Versions: Fossorial fosrl/pangolin versions prior to 1.6.3. Description: An issue allows a remote attacker to escalate privileges through the two-factor authentication (2FA) component. Recommendations: Update to a version prior to 1.6.3...

AI score 7.1 | EPSS 0.00423
Exploits 1 | References 4
CVE
added 2025/12/29 12:0 a.m. | 10 views

CVE-2025-56333

Fossorial fosrl/pangolin prior to v1.6.3 is affected by a privilege-escalation flaw in the 2FA component. The vulnerability (CVE-2025-56333) enables a remote attacker to escalate privileges, with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8. Affected product is pangolin (Fossori...

CVSS 9.8 | AI score 7 | EPSS 0.00423
Exploits 1 | References 2 | Affected Software 1
The Hacker News
added 2025/12/25 8:22 a.m. | 12 views

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a us...

CVSS 9.8 | AI score 9.8 | EPSS 0.49344
Exploits 0
OSSF Malicious Packages
added 2025/12/23 8:41 a.m. | 9 views

Malicious code in u2f_client (RubyGems)


AI score 7
Exploits 0
RedhatCVE
added 2025/12/19 7:32 a.m. | 4 views

CVE-2025-54745

Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...

CVSS 6.5 | AI score 7 | EPSS 0.00273
Exploits 0 | References 1
OSV
added 2025/12/18 12:4 p.m. | 7 views

BIT-GITLAB-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

CVSS 6.8 | AI score 6.9 | EPSS 0.00274
Exploits 0 | References 4
RedhatCVE
added 2025/12/12 4:13 a.m. | 4 views

CVE-2025-11984

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

CVSS 6.8 | AI score 7 | EPSS 0.00274
Exploits 0 | References 1
NVD
added 2025/12/11 5:16 a.m. | 5 views

CVE-2025-11984

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

CVSS 6.8 | EPSS 0.00274
Exploits 0 | References 3