Lucene search
K

215 matches found

Vulnrichment
Vulnrichment
added 2026/01/13 1:13 a.m.7 views

CVE-2026-0492 Privilege escalation vulnerability in SAP HANA database

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability...

8.8CVSS6.6AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.11 views

PT-2026-2328

Name of the Vulnerable Software and Affected Versions SAP HANA database affected versions not specified Description The SAP HANA database has a flaw that allows privilege escalation. An attacker with valid credentials for any user can switch to another user, potentially gaining administrative...

8.8CVSS5.9AI score0.00286EPSS
Exploits0References7
Veracode
Veracode
added 2025/12/13 5:52 a.m.6 views

Authentication Bypass

moodle/moodle is vulnerable to an authentication bypass. The vulnerability is due to improper enforcement of multi-factor authentication logic under certain conditions, which allows an attacker with valid credentials to bypass MFA and gain unauthorized access to user accounts...

5.4CVSS5.9AI score0.00234EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/12/03 6:49 p.m.7 views

DRUPAL-CONTRIB-2025-124

This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...

4.2CVSS7AI score0.0022EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2025-62398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising...

5.4CVSS5.5AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2025/11/18 3:16 p.m.2 views

CVE-2025-59116

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...

6.9CVSS0.00218EPSS
Exploits0References2
OSV
OSV
added 2025/11/17 11:47 p.m.3 views

BIT-MOODLE-2025-62398 Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS6.9AI score0.00234EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/14 4:55 p.m.6 views

CVE-2025-20346

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control RBAC. An attacker...

4.3CVSS6.9AI score0.00239EPSS
Exploits0References1
Drupal
Drupal
added 2025/11/05 12:0 a.m.10 views

Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials username and...

5.4CVSS5.5AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/23 7:49 p.m.10 views

CVE-2025-58428 Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...

9.9CVSS0.01308EPSS
Exploits0References4
OSV
OSV
added 2025/10/23 12:31 p.m.2 views

GHSA-25WF-7X6C-WMPF Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.3CVSS7.1AI score0.00234EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.8 views

Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS7.1AI score0.00234EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/10/23 12:15 p.m.9 views

UBUNTU-CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS5.8AI score0.00234EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/23 11:28 a.m.9 views

CVE-2025-62398 Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/23 11:28 a.m.4 views

EUVD-2025-35669

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.3CVSS6.5AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 2025/10/23 11:28 a.m.3 views

CVE-2025-62398 Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS5.9AI score0.00234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.4 views

PT-2025-43446

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. Recommendations At the...

5.4CVSS6.6AI score0.00234EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2025/10/16 3:19 p.m.5 views

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS7.1AI score0.00234EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/10/11 1:30 p.m.11 views

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that...

9.8CVSS6.7AI score0.15593EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-24706

Malware in sbrugna...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References2
Rows per page
Query Builder