5018 matches found
CVE-2026-3429
CVE-2026-3429 (Keycloak) affects the Keycloak Account REST API. A user with lower-privilege authentication can perform actions intended for higher-assurance sessions, specifically deleting a victim’s MFA/OTP credential after obtaining the victim’s password, and then registering their own MFA devi...
EUVD-2026-11172
In JetBrains Hub before 2026.1, an account mismatch on sign-in was possible with non-SSO auth and 2FA disabled...
CVE-2026-32229
In JetBrains Hub before 2026.1, an account mismatch on sign-in was possible with non-SSO auth and 2FA disabled...
CVE-2026-32229
CVE-2026-32229 affects JetBrains Hub prior to version 2026.1, describing a sign-in variant where account mismatch can occur when non-SSO authentication is used and 2FA is disabled. The CVSS 3.1 metrics indicate NETWORK attack vector, HIGH confidentiality and integrity impact, HIGH attack complexi...
CVE-2025-69615
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03...
EUVD-2026-11280
Parse Server's MFA recovery codes not consumed after use...
Parse Server's MFA recovery codes not consumed after use
Impact: When multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recover...
PT-2026-24694
CVE-2026-32229 In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled https://t.co/HGjrOHOd94...
PT-2026-24690
Impact: When multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recover...
JetBrains Hub security vulnerability
JetBrains Hub is a web-based application developed by the Czech company JetBrains. This program allows for the integration of various JetBrains tools. Versions of JetBrains Hub prior to 2026.1 contained a security vulnerability that could lead to mismatches between login accounts when SSO...
Parse Server security vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.6.0-alpha.7 and 8.6.33. These vulnerabilities stemmed from the reuse of multi-factor...
2FAuth code issue vulnerability
2FAuth is a web application personally developed by Bubka, designed to manage two-factor authentication accounts and generate their security codes. Versions of 2FAuth prior to 6.1.0 contained a code-related vulnerability. This vulnerability stemmed from the image parameter in the OTP URL not bein...
EUVD-2025-208508
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03...
EUVD-2025-208509
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03...
CVE-2026-22572
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may...