5016 matches found
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...
EUVD-2026-21414
Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...
GHSA-8JVC-MCX6-R4CG Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path
Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...
Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path
Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...
PT-2026-32032
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
PT-2026-32031
Name of the Vulnerable Software and Affected Versions ajenti.plugin.core versions prior to 0.112 Description Prior to version 0.112, if two-factor authentication 2FA was enabled, password authentication could be bypassed. This allowed unauthorized access to the system. Recommendations Upgrade to...
S3CDM: A Secret-Sharing-Scheme-Based Cyberattack Detection Model and Its Simulation Implementation
We design and develop a secret-sharing-scheme-based cyberattack detection modelS3CDMthat can detect unauthorized or illegal activities especially insider attacks and protect sensitive information within complex network infrastructures of large organizations. The model splits a secret among a grou...
Vikunja 授权问题漏洞
Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.3.0 had an authorization vulnerability. This vulnerability stemmed from the OIDC callback handler, which issued full JWT tokens without checking whether the matching user had enabled TOTP two-factor...
ajenti 授权问题漏洞
Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Prior to version 0.112, there were authorization-related vulnerabilities in Ajenti. These vulnerabilities stemmed from the possibility of bypassing password authentication when two-factor...
PT-2026-31944
Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...
CVE-2026-39943 Directus exposes sensitive fields in revision history
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-39943 Directus exposes sensitive fields in revision history
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-39943
CVE-2026-39943 (Directus) affects Directus prior to v11.17.0. The revision-snapshot path writes revisions to directus_revisions without consistently applying the prepareDelta sanitization, potentially storing sensitive fields (tokens, 2FA secrets, external auth identifiers, auth data, credentials...
PT-2026-31348
Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.3 Description: LiquidJS is a template engine. A flaw exists in the 'replace' filter when the 'memoryLimit' option is enabled. The memory usage calculation incorrectly accounts for the size of the output string...