11 matches found
CVE-2026-8760
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
EUVD-2026-25628
awslabs/tough is Missing Delegated Metadata Validation...
CVE-2026-6967
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
DataHub Code Issue Vulnerability
DataHub is datahub-project open source metadata platform for a modern data stack. A code issue vulnerability exists in DataHub versions prior to 0.11.1, which stems from the DataHub front-end not setting a cookie expiration time, resulting in the cookie being permanently valid after an attacker...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
Maddy Mail Server 安全漏洞
Maddy Mail Server is a composable all-in-one mail server from the Russian individual developer Max Mazurov. A security vulnerability exists in maddy Mail Server versions prior to 0.5.4, which stems from not implementing password expiration or account expiration checks when using PAM for...