8 matches found
Devolutions Server Security Vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6 to 2026.1.11 contained security vulnerabilities. These vulnerabilities were...
WordPress Plugin Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2022-37144
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can brute-force their way past MFA protections to log in as the targeted user...
EUVD-2021-13070
Malware in sbrugna...
EUVD-2022-39797
Malicious code in bioql PyPI...
Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability
Vault and Vault Enterprise’s “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
BIT-JOOMLA-2023-23755 [20230502] - Core - Bruteforce prevention within the mfa screen
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods...
PT-2024-25635 · Mfa +2
Name of the Vulnerable Software and Affected Versions: MFA affected versions not specified Description: The issue concerns the logout option within MFA, which did not include the necessary token to prevent the risk of users being inadvertently logged out via CSRF. Recommendations: At the moment,...