5016 matches found
Race Condition
Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to Race Condition in the 2FA authentication. An attacker can gain unauthorized access by exploiting a timing issue immediately after user authentication, allowing them to bypass intended security checks...
ajenti.plugin.core has race conditions in 2FA
Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
EUVD-2026-21575
ajenti.plugin.core has password bypass when 2FA is activated...
User Impersonation
Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to User Impersonation via 2FA authentication. An attacker can gain unauthorized access by bypassing password authentication. Remediation Upgrade ajenti.plugin.core to version 0.112 or higher. References - GitHu...
GHSA-3MCX-6WXM-QR8V ajenti.plugin.core has password bypass when 2FA is activated
Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
ajenti.plugin.core has password bypass when 2FA is activated
Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
CVE-2026-40178 ajenti.plugin.core has a race conditions in 2FA
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
CVE-2026-40178
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
CVE-2026-40178 ajenti.plugin.core has a race conditions in 2FA
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
CVE-2026-40178
CVE-2026-40178 affects ajenti.plugin.core in Ajenti. A race condition existed during the window after authentication when 2FA was enabled, allowing bypass of authentication. The issue is fixed in version 0.112. The Connected CVE description confirms the vulnerability and fix; no exploitation deta...
CVE-2026-40177 Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112...
CVE-2026-40177
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112...
CVE-2026-40177 Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112...
CVE-2026-40177
Ajenti vulnerability CVE-2026-40177 affects the Ajenti core plugin (ajenti.plugin.core). Prior to version 0.112, when 2FA was enabled, authentication could be bypassed, effectively bypassing password login. The issue is fixed in 0.112. The CVSS-like data in the record indicates a high impact on c...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
Improper Authentication
github.com/zitadel/zitadel is vulnerable to improper authentication. The vulnerability is due to MFA being enforced only when explicitly required by policy, which allows an attacker to bypass additional authentication factors and exploit weaker single-factor sessions, potentially compromising...
CVE-2026-34727 Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
CVE-2026-34727 Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
CVE-2026-34727
Vikunja