820 matches found
CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability
...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability
...
CVE-2026-26123
Summary: CVE-2026-26123 affects Microsoft Authenticator for iOS and Android. A malicious app on the same device could intercept sign-in flows by hijacking deep links/QR-based sign-ins, potentially exposing one-time codes and allowing account takeover, bypassing MFA protections. The vulnerability ...
Microsoft Authenticator Information Disclosure Vulnerability
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
Microsoft Authenticator 安全漏洞
Microsoft Authenticator is an application for multi-factor authentication developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Authenticator. Attackers can exploit this vulnerability to obtain sensitive information. The following products and...
KLA90927 OSI vulnerability in Microsoft Apps
An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2026-26123 Exploitation CVE list CVE-2026-26123 high Solution Install necessary updates from t...
PT-2026-24376
Name of the Vulnerable Software and Affected Versions Microsoft Authenticator affected versions not specified Description A condition exists where an unauthorized attacker can disclose information locally. The issue relates to Cwe not being in rca categories. Recommendations At the moment, there ...
CVE-2025-15370
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
CVE-2025-15370
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
CVE-2025-15370 Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
CVE-2025-15370 Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
CVE-2025-15370
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
CVE-2025-15370
CVE-2025-15370 affects Shield: Blocks Bots, Protects Users, and Prevents Security Breaches (WordPress Shield Security plugin) up to version 21.0.9. The issue is an Insecure Direct Object Reference via MfaGoogleAuthToggle that allows authenticated attackers with Subscriber-level access and above t...
PT-2026-3215
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
WordPress Plugin Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MiracleLinux 4 : tomcat6-6.0.24-57.AXS4 (AXSA:2013-491:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-491:04 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...
WordPress Shield Security plugin <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Disable Google Authenticator vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.9...
QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials
FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...
CVE-2022-0229
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...