EUVD-2025-208687

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

privacyIDEA Authenticator 安全漏洞

privacyIDEA Authenticator is a login authentication application from the privacyIDEA organization. A security vulnerability exists in privacyIDEA Authenticator version 4.3.0 that stems from improper handling of OTP/TOTP/HOTP values, which could allow a local attacker to bypass dual authentication...

GitLab 信息泄露漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. An information disclosure vulnerability exists in GitLab CE/EE versions 13.4...

Nextcloud Server Information Disclosure Vulnerability (CNVD-2022-20700)

An information disclosure vulnerability exists in Nextcloud Server, an open source, powerful cloud storage network drive project. An attacker could use this vulnerability to bypass the dual authentication in Nextcloud, and an attacker who knows the password or has access to the WebAuthN trusted...