
28 matches found

Cvelist
added 2026/04/15 6:43 p.m. · 20 views

CVE-2026-33667 OpenProject: 2FA OTP Verification Missing Rate Limiting

OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirmotp action of the twofactorauthentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing bruteforceblockafterfailedlogins setting...

CVSS 7.4 · EPSS 0.00296
Exploits: 1 · References: 1
CNNVD
added 2025/11/24 12:00 a.m. · 4 views

WordPress plugin WP 2FA security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. A security...

CVSS 6.3 · AI score 6.7 · EPSS 0.00179
Exploits: 0 · References: 2
RedhatCVE
added 2025/10/31 8:11 p.m. · 3 views

CVE-2025-8850

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS 8.8 · AI score 6.9 · EPSS 0.00384
Exploits: 1 · References: 1
OSV
added 2025/10/30 8:15 p.m. · 2 views

CVE-2025-8850

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS 8.8 · AI score 6.9
Exploits: 0 · References: 2
NVD
added 2025/10/30 8:15 p.m. · 3 views

CVE-2025-8850

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS 8.8 · EPSS 0.00384
Exploits: 1 · References: 2
Vulnrichment
added 2025/10/30 7:59 p.m. · 5 views

CVE-2025-8850 Insecure API Design in danny-avila/librechat

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS 3.1 · AI score 6.5 · EPSS 0.00384
Exploits: 1 · References: 2
CNNVD
added 2025/10/30 12:00 a.m. · 4 views

LibreChat security vulnerability

LibreChat is an enhanced ChatGPT clone by the individual developer Danny Avila. A security vulnerability exists in LibreChat version 0.7.9; it stems from a failure to properly validate the OTP or backup code during the 2FA disablement process and could result in reduced account security...

CVSS 8.8 · AI score 4.5 · EPSS 0.00384
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-48082

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.01033
Exploits: 1 · References: 1
Huntr
added 2025/08/01 7:59 p.m. · 4 views

Insecure API Design: Able to Disable 2-Factor Authentication Without OTP or Backup Code

Description: There is a minor issue in the 2-Factor Authentication (2FA) flow. When a user tries to disable 2FA from the dashboard, the system should ask for a valid OTP or backup code and verify it through the following API: POST /api/auth/2fa/verify HTTP/1.1 Host: 127.0.0.1:3080 User-Agent:...

CVSS 8.8 · AI score 6.1 · EPSS 0.00384
Exploits: 1
OSV
added 2024/12/05 2:15 p.m. · 3 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

CVSS 5.3 · AI score 7.3
Exploits: 0 · References: 1
NVD
added 2024/12/05 2:15 p.m. · 13 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

CVSS 5.3 · EPSS 0.00334
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/05 1:53 p.m. · 9 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

AI score 7.1 · EPSS 0.00334
Exploits: 0 · References: 1
Cvelist
added 2024/12/05 1:53 p.m. · 27 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

EPSS 0.00334
Exploits: 0 · References: 1
CNNVD
added 2024/12/05 12:00 a.m. · 4 views

SonicWALL SMA100 security vulnerability

The SonicWALL SMA100 is a secure access gateway appliance from SonicWALL USA. The SonicWALL SMA100 suffers from a cryptographic vulnerability that stems from the use of a cryptographically weak pseudo-random number generator in the backup code generator. An attacker could exploit the vulnerabilit...

CVSS 5.3 · AI score 6.9 · EPSS 0.00334
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/03 12:00 a.m. · 3 views

PT-2024-9234 · Sonicwall · Sonicwall Sma100

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 series (affected versions not specified). Description: The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) in the SonicWall SMA100 SSLVPN backup code generator. This weakness can be...

CVSS 5.3 · AI score 9.4 · EPSS 0.00334
Exploits: 0 · References: 7
Positive Technologies
added 2024/06/10 12:00 a.m. · 4 views

PT-2024-11688 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018. Description: An issue allows a Bypass of Two-Factor Authentication under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/createbackupcodes" endpoint. This occurs because th...

CVSS 6.5 · AI score 6.9 · EPSS 0.00496
Exploits: 1 · References: 5
OSV
added 2023/04/14 2:15 p.m. · 2 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

CVSS 9.8 · AI score 5.8 · EPSS 0.01033
Exploits: 1 · References: 1
AlpineLinux
added 2023/04/14 2:15 p.m. · 32 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

CVSS 9.8 · AI score 9.4 · EPSS 0.01033
Exploits: 1 · References: 1
NVD
added 2023/04/14 2:15 p.m. · 32 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

CVSS 9.8 · AI score 9.6 · EPSS 0.01033
Exploits: 1 · References: 1
Prion
added 2023/04/14 2:15 p.m. · 26 views

Code injection

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

CVSS 7.5 · AI score 9.5 · EPSS 0.01033
Exploits: 1 · References: 1 · Affected Software: 1