215 matches found
CVE-2026-0492 Privilege escalation vulnerability in SAP HANA database
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability...
PT-2026-2328
Name of the Vulnerable Software and Affected Versions SAP HANA database affected versions not specified Description The SAP HANA database has a flaw that allows privilege escalation. An attacker with valid credentials for any user can switch to another user, potentially gaining administrative...
Authentication Bypass
moodle/moodle is vulnerable to an authentication bypass. The vulnerability is due to improper enforcement of multi-factor authentication logic under certain conditions, which allows an attacker with valid credentials to bypass MFA and gain unauthorized access to user accounts...
DRUPAL-CONTRIB-2025-124
This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...
Linux Distros Unpatched Vulnerability : CVE-2025-62398
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising...
CVE-2025-59116
Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...
BIT-MOODLE-2025-62398 Moodle: possible to bypass mfa
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
CVE-2025-20346
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control RBAC. An attacker...
Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials username and...
CVE-2025-58428 Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...
GHSA-25WF-7X6C-WMPF Moodle does not properly enforce MFA
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
Moodle does not properly enforce MFA
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
UBUNTU-CVE-2025-62398
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
CVE-2025-62398 Moodle: possible to bypass mfa
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
EUVD-2025-35669
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
CVE-2025-62398 Moodle: possible to bypass mfa
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
PT-2025-43446
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. Recommendations At the...
CVE-2025-62398
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that...
EUVD-2020-24706
Malware in sbrugna...