Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/18 10:0 p.m.2 views

CVE-2026-32730

ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...

8.1CVSS5.8AI score0.00362EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/01 6:3 p.m.5 views

CVE-2025-6015 Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse

Vault and Vault Enterprise’s “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.7CVSS6.6AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/27 8:28 p.m.35 views

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

5.4CVSS9.7AI score0.00582EPSS
Exploits1References2
OSV
OSV
added 2022/05/18 12:0 a.m.23 views

GHSA-C5WC-V287-82PC HashiCorp Vault improper configuration of multi factor authentication

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5.3CVSS5.4AI score0.01102EPSS
Exploits0References6
Rows per page
Query Builder