820 matches found
CVE-2025-9824 User Enumeration via Response Timing
ImpactThe attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. PatchesThis vulnerability has been patched, implementing a timing-safe form login...
CVE-2025-9824
The CVE-2025-9824 issue stems from different login response times for existing versus non-existent users in Mautic, enabling user enumeration and potential brute-force attempts. Technical details describe that valid usernames trigger password hashing while invalid ones do not; the fix adds a Timi...
Linux Distros Unpatched Vulnerability : CVE-2023-41900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty...
DRUPAL-CONTRIB-2025-098
This module allows users to setup two-factor authentication 2FA using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score experimental 6.3 / Medium...
Drupal Authenticator Login module < 2.1.8 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Authenticator Login versions 2.1.8...
Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
This module allows users to setup two-factor authentication 2FA using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score experimental 6.3 / Medium...
Linux Distros Unpatched Vulnerability : CVE-2024-36611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username...
WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin miniOrange's Google Authenticator versions = 6.1.1...
CVE-2025-8995
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2025-8995
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2025-8995
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2025-8995
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2025-8995 Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2025-8995 Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2025-8995
CVE-2025-8995: Drupal Authenticator Login contains an authentication bypass vulnerability in versions prior to 2.1.4. The issue arises in the Authenticator Login module (Drupal) where an alternate path or channel can bypass authentication, effectively allowing login as a user without proper crede...
Drupal Authenticator Login 访问控制错误漏洞
Drupal Authenticator Login is a Drupal community authentication login module or feature for Drupal. A security vulnerability exists in Drupal Authenticator Login versions prior to 2.1.4 that stems from bypassing authentication using an alternate path or channel...
PT-2025-33500 · Drupal · Drupal Authenticator Login
Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions 0.0.0 through 2.1.3 Description: An Authentication Bypass Using an Alternate Path or Channel issue exists in Drupal Authenticator Login, allowing for Authentication Bypass. Recommendations: Update to versio...
Malicious code in character-authenticator (npm)
The package character-authenticator was found to contain malicious code...
Malicious code in aws-lambda-authenticator (npm)
The package aws-lambda-authenticator was found to contain malicious code...
MAL-2025-16794 Malicious code in character-authenticator (npm)
The package character-authenticator was found to contain malicious code...