
2549 matches found

OSV
added 2025/12/01 9:19 p.m. | 5 views

CVE-2025-66300 Grav is vulnerable to Arbitrary File Read

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server file using the "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store the hashed user password, 2FA secret, and the password...

8.5 CVSS | 6.8 AI score | 0.00397 EPSS
Exploits 1 | References 4
NVD
added 2025/12/01 9:15 p.m. | 7 views

CVE-2025-66295

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with the user-creation privilege creates a new user through the Admin UI and supplies a username containing path traversal sequences, for example ..\Nijat or ../Nijat, Grav writes the account YAML file to an unintended path...

8.8 CVSS | 0.00482 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/12/01 12:0 a.m. | 4 views

PT-2025-48559

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27. Description: A user with limited privileges and page editing access can read any server file using the "Frontmatter" form. This includes Grav user account files located at /grav/user/accounts/.yaml, which...

8.5 CVSS | 6.7 AI score | 0.00397 EPSS
Exploits 1 | References 6
RedhatCVE
added 2025/11/25 1:10 p.m. | 17 views

CVE-2025-12628

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3 CVSS | 6.7 AI score | 0.00179 EPSS
Exploits 0 | References 1
EUVD
added 2025/11/24 3:30 p.m. | 3 views

EUVD-2025-198648

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3 CVSS | 6.2 AI score | 0.00179 EPSS
Exploits 0 | References 2
NVD
added 2025/11/24 1:16 p.m. | 7 views

CVE-2025-12628

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3 CVSS | 0.00179 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/11/24 12:58 p.m. | 4 views

CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3 AI score | 0.00179 EPSS
Exploits 0 | References 1
Cvelist
added 2025/11/24 12:58 p.m. | 19 views

CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

0.00179 EPSS
Exploits 0 | References 1
Malwarebytes
added 2025/11/24 8:3 a.m. | 9 views

A week in security (November 17 – November 23)

Last week on Malwarebytes Labs: AI teddy bear for kids responds with sexual content and advice about weapons; Fake calendar invites are spreading. Here’s how to remove them and prevent more; Budget Samsung phones shipped with unremovable spyware, say researchers; What the Flock is happening with...

6.5 AI score
Exploits 0
Malwarebytes
added 2025/11/19 12:50 p.m. | 9 views

Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real

Attackers have a new trick to steal your username and password: fake browser pop-ups that look exactly like real sign-in windows. These “Browser-in-the-Browser” attacks can fool almost anyone, but a password manager and a few simple habits can keep you safe. Phishing attacks continue to evolve, a...

7 AI score
Exploits 0
EUVD
added 2025/11/18 6:32 p.m. | 4 views

EUVD-2025-198026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...

5.4 CVSS | 6.5 AI score | 0.00179 EPSS
Exploits 0 | References 2
OSV
added 2025/11/18 6:32 p.m. | 3 views

GHSA-9JRW-JRRJ-P6FR Drupal Email TFA allows Functionality Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...

5.4 CVSS | 6.9 AI score | 0.00179 EPSS
Exploits 0 | References 3
The Hacker News
added 2025/11/18 6:31 p.m. | 8 views

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount...

6.6 AI score
Exploits 0
NVD
added 2025/11/18 5:15 p.m. | 3 views

CVE-2025-12760

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...

5.4 CVSS | 0.00179 EPSS
Exploits 0 | References 1
Cvelist
added 2025/11/18 4:55 p.m. | 7 views

CVE-2025-12760 Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...

0.00179 EPSS
Exploits 0 | References 1
CVE
added 2025/11/18 4:55 p.m. | 10 views

CVE-2025-12760

CVE-2025-12760 concerns the Drupal Email TFA module. Documents consistently describe an authentication bypass via an alternate path or channel affecting Email TFA versions prior to 2.0.6. The vulnerability enables a functionality bypass without full login protection as described in the various so...

5.4 CVSS | 6.6 AI score | 0.00179 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/11/18 12:0 a.m. | 3 views

Drupal Email TFA Security Vulnerability

Drupal Email TFA is a Drupal community module that provides email-based two-factor authentication functionality for Drupal. A security vulnerability exists in Drupal Email TFA versions prior to 2.0.6 that stems from bypassing authentication using an alternate path or channel, which could lead to...

5.4 CVSS | 6.6 AI score | 0.00179 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/11/18 12:0 a.m. | 5 views

PT-2025-47342

Name of the Vulnerable Software and Affected Versions: Drupal Email TFA versions prior to 2.0.6. Description: An authentication bypass issue exists in Drupal Email TFA, allowing functionality bypass through an alternate path or channel. The issue impacts the Email TFA module. Recommendations: Update ...

5.4 CVSS | 6.8 AI score | 0.00179 EPSS
Exploits 0 | References 3
Malwarebytes
added 2025/11/17 1:57 p.m. | 10 views

Scammers are sending bogus copyright warnings to steal your X login

One of my favorite Forbes correspondents recently wrote about receiving several fake copyright-infringement notices from X. Let’s suppose you get an email claiming it’s from X, warning: “We’ve received a DMCA notice regarding your account.” Chances are, you’ll be wondering what you did wrong. DMC...

6.6 AI score
Exploits 0
Cvelist
added 2025/11/14 12:39 p.m. | 17 views

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

8.1 CVSS | 0.00334 EPSS
Exploits 0 | References 2