Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5001 matches found

Cvelist
Cvelistadded 2026/06/02 6:0 a.m.38 views

CVE-2026-8293 Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

0.00068EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/02 6:0 a.m.11 views

EUVD-2026-33882

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS5.8AI score0.00068EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/02 6:0 a.m.6 views

CVE-2026-8293

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS5.8AI score0.00068EPSS
Exploits0References1
The Hacker News
The Hacker Newsadded 2026/06/02 3:55 a.m.43 views

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-force attack agains...

5.9AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.10 views

PT-2026-45694

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

5.8AI score0.00068EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/01 10:13 p.m.7 views

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

5.9CVSS5.7AI score0.00054EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/01 10:4 p.m.7 views

CVE-2026-45690

A flaw was found in Nextcloud Server. This vulnerability allows a remote attacker, with knowledge of a user's password, to bypass two-factor authentication 2FA protections. When a user attempts to log in with valid credentials on a 2FA-enabled account, a temporary session token is generated befor...

5.9CVSS5.7AI score0.00063EPSS
Exploits0References2
NVD
NVDadded 2026/06/01 7:16 p.m.7 views

CVE-2026-45690

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS0.00063EPSS
Exploits0References3
NVD
NVDadded 2026/06/01 7:16 p.m.9 views

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS0.00054EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/01 5:9 p.m.9 views

EUVD-2026-33718

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.00054EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/06/01 5:9 p.m.7 views

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.00054EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 5:9 p.m.8 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.00054EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/01 5:9 p.m.27 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS0.00054EPSS
Exploits0References3
CVE
CVEadded 2026/06/01 5:9 p.m.45 views

CVE-2026-45691

Summary: CVE-2026-45691 affects Nextcloud Server prior to 32.0.9 and 33.0.3, where a pre-2FA session cookie created after password auth but before TOTP could be reused as a Bearer token to access DAV endpoints, bypassing mandatory two-factor authentication and granting read/write access. Impact: ...

5.9CVSS5.7AI score0.00054EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 5:8 p.m.6 views

CVE-2026-45690 Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS5.7AI score0.00063EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/06/01 5:8 p.m.7 views

CVE-2026-45690

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS5.7AI score0.00063EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/06/01 5:8 p.m.28 views

CVE-2026-45690 Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS0.00063EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/01 5:8 p.m.9 views

EUVD-2026-33716

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS5.7AI score0.00063EPSS
Exploits0References3
CVE
CVEadded 2026/06/01 5:8 p.m.18 views

CVE-2026-45690

Nextcloud Server versions 32.0.0–32.0.9 and 33.0.0–33.0.3 expose an authentication bypass where, after valid credentials are entered on a 2FA-enabled account, a temporary session token is created before the second factor is enforced. The token can be extracted and replayed via HTTP Basic Authenti...

5.9CVSS5.7AI score0.00063EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/01 12:0 a.m.14 views

PT-2026-45534

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS5.7AI score0.00063EPSS
Exploits0References4
Rows per page
Query Builder