Lucene search

2557 matches found

Cvelist
added 2025/11/24 12:58 p.m., 18 views

CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

0.0006 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/11/24 12:58 p.m., 3 views

CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3 AI score, 0.0006 EPSS
Exploits 0, References 1

CVE
added 2025/11/24 12:58 p.m., 15 views

CVE-2025-12628

CVE-2025-12628 concerns the WordPress plugin “WP 2FA” where backup codes are generated with insufficient entropy, enabling brute-force attempts to bypass the second factor. Affected software: WP 2FA (Two-factor authentication for WordPress) — versions up to 3.0.0 (per enrichment). Root cause: bac...

6.3 CVSS, 6.3 AI score, 0.0006 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/11/24 12:0 a.m., 4 views

PT-2025-47905

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.7 AI score, 0.0006 EPSS
Exploits 0, References 2

Packet Storm News
added 2025/11/21 12:0 a.m., 4 views

The Star Product of Uniformly Random Codes

We consider the problem of determining the expected dimension of the star product of two uniformly random linear codes that are not necessarily of the same dimension. We achieve this by establishing a correspondence between the star product and the evaluation of bilinear forms, which we use to...

6.6 AI score
Exploits 0

RedhatCVE
added 2025/11/20 9:36 p.m., 9 views

CVE-2025-34333

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process...

8.5 CVSS, 7.3 AI score, 0.00036 EPSS
Exploits 2, References 1

EUVD
added 2025/11/20 9:30 p.m., 3 views

EUVD-2025-198338

An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...

7.5 CVSS, 7 AI score, 0.00109 EPSS
Exploits 1, References 2

EUVD
added 2025/11/20 4:50 p.m., 3 views

EUVD-2025-198296

ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration baseurl is not set. Because Host is a client-controlled header, a...

6.8 CVSS, 6.8 AI score, 0.00046 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/11/20 4:50 p.m., 2 views

CVE-2025-62709 ClipBucket v5 is vulnerable to password reset link manipulation

ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration baseurl is not set. Because Host is a client-controlled header, a...

6.8 CVSS, 7 AI score, 0.00046 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/11/19 11:32 p.m., 2 views

CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

7.5 CVSS, 7.3 AI score, 0.00031 EPSS
Exploits 1, References 4

OSV
added 2025/11/19 5:15 p.m., 2 views

CVE-2025-34334

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

8.8 CVSS, 6.1 AI score, 0.00217 EPSS
Exploits 2, References 4

Vulnrichment
added 2025/11/19 4:23 p.m., 2 views

CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

8.7 CVSS, 7 AI score, 0.00217 EPSS
Exploits 2, References 4

CVE
added 2025/11/19 4:23 p.m., 16 views

CVE-2025-34329

CVE-2025-34329 affects AudioCodes Fax Server and Auto-Attendant IVR appliances ≤2.6.23. An unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface allows uploading a file to a configured backup path, with no authentication, authorization, ...

9.8 CVSS, 7.1 AI score, 0.01557 EPSS
Exploits 2, References 4, Affected Software 2

Cvelist
added 2025/11/19 4:22 p.m., 7 views

CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

8.7 CVSS, 0.00122 EPSS
Exploits 2, References 4

CVE
added 2025/11/19 4:22 p.m., 23 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances (≤ 2.6.23) expose an unauthenticated script-management endpoint in the web administration component (F2MAdmin) at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-sid...

9.8 CVSS, 6.8 AI score, 0.00534 EPSS
Exploits 2, References 4, Affected Software 2

CVE
added 2025/11/19 4:22 p.m., 6 views

CVE-2025-34330

The CVE-2025-34330 entry affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web admin component (F2MAdmin) exposes an unauthenticated endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php that accepts uploaded files and writes them into C:\F2...

6.9 CVSS, 6.6 AI score, 0.00276 EPSS
Exploits 2, References 4, Affected Software 2

CVE
added 2025/11/19 4:21 p.m., 8 views

CVE-2025-34333

CVE-2025-34333 affects AudioCodes Fax Server and Auto-Attendant IVR appliances

8.5 CVSS, 7 AI score, 0.00036 EPSS
Exploits 2, References 4, Affected Software 2

CNVD
added 2025/11/18 12:0 a.m., 3 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29241)

Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in the Lens feature in Google Chrome prior to version 136.0.7103.59, which stems from an imperfect validation mechanism for QR codes. The vulnerability can be exploited by an attacker to conduct an interface...

6.3 CVSS, 6.5 AI score, 0.00102 EPSS
Exploits 1, References 1

Hacker One
added 2025/11/12 12:30 p.m., 17 views

LY Corporation: page.line.me Open Redirect Leading to OAuth Authorization Code Exposure and Access Token Compromise

An open redirect vulnerability was identified in page.line.me because redirect destinations were not properly restricted to trusted domains. This vulnerability could have been abused within an OAuth 2.0 authorization flow to cause the authorization response to be sent to an attacker-controlled...

5.9 AI score
Exploits 0

SUSE CVE
added 2025/11/09 2:28 a.m., 1 views

SUSE CVE-2016-11070

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values...

5.4 CVSS, 6.3 AI score, 0.00343 EPSS
Exploits 0, References 2