CVE-2025-6014 Vault TOTP Secrets Engine Code Reuse

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-6014

CVE-2025-6014 affects Vault and Vault Enterprise: the TOTP Secrets Engine code validation endpoint can reuse codes within its validity period due to a coding issue. This is a vulnerability in the TOTP verification path, with the impact described as high confidentiality risk and no integrity/avail...

CVE-2025-6014 Vault TOTP Secrets Engine Code Reuse

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

PT-2025-31662 · Hashicorp · Vault +1

Name of the Vulnerable Software and Affected Versions: Vault versions prior to 1.20.1 Vault Enterprise versions prior to 1.20.1 Vault Enterprise version 1.19.7 Vault Enterprise version 1.18.12 Vault Enterprise version 1.16.23 Description: The Time-based One-Time Password TOTP Secrets Engine in...

CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution

Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...

CVE-2025-23168

The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...

CVE-2025-23168

The CVE-2025-23168 entry describes a vulnerability in Versa Director SD-WAN’s 2FA via OTP over email/SMS. The authenticated attacker can abuse untrusted input when dispatching OTPs to redirect delivery to their device, enabling interception of codes. OTP/TOTP codes are not invalidated after use, ...

Google Pixel 安全漏洞

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a security vulnerability that stems from the inclusion of a logic error in the code that could lead to reuse after release...

Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identifed similar issues in other popular...

GHSA-J827-6RGF-9629 Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identifed similar issues in other popular...

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XSS in web pages where scriptless...

FreeBSD : forgejo -- multiple vulnerabilities (a5e13973-6c75-11ef-858b-23eeba13701a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a5e13973-6c75-11ef-858b-23eeba13701a advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, y...

CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

Fedora: Security Advisory for decentxml (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: decentxml-1.4-35.fc40

XML parser optimized for round-tripping and code reuse with main features being: Allows 100% round-tripping, even for weird white-space between attributes in the start tag or in the end tag Suitable for building editors and filters which want/need to preserve the original file layout as much as...

CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...

CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...

PT-2023-31228 · Doracms · Doracms

Name of the Vulnerable Software and Affected Versions: DoraCMS version 2.1.8 Description: The issue allows attackers to gain access to the application via a bruteforce attack due to the re-use of the same code for verification of valid usernames and passwords. Recommendations: For DoraCMS version...

GHSA-JV85-MQXJ-3F9J Sentry vulnerable to invite code reuse via cookie manipulation

With a known valid invite link i.e. not already accepted or expired an unauthenticated attacker can manipulate the cookie to allow the same invite link to be reused on multiple accounts when joining an organization. Impact An attacker with a valid invite link can create multiple users and join th...