Lucene search
K

875 matches found

Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.5 views

PT-2026-8338

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly sanitize sensitive data within WebSocket messages. This allows...

9.9CVSS5.2AI score0.27661EPSS
Exploits45References113
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

WordPress Plugin Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00242EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.3 views

CVE-2023-4177

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...

5.7CVSS6.2AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

9.1CVSS7AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.5 views

CVE-2022-37144

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user...

8.8CVSS7.2AI score0.00815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.9 views

CVE-2023-45140

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...

4.8CVSS6.8AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.7 views

CVE-2025-23017

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass by enrolling a new authentication factor when the attacker knows the user's password. No exploitation occurred...

6CVSS7.3AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.7 views

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7CVSS6.8AI score0.00724EPSS
Exploits0References1
HackRead
HackRead
added 2026/01/06 10:37 a.m.4 views

New VVS Stealer Malware Targets Discord Users via Fake System Errors

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.6 views

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable delay before the MFA check when connecting via RDP. A remote authenticated attacker with administrative privileges can potentially bypass detection during this window. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.6 views

CVE-2025-62004

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0,...

7.5CVSS6.8AI score0.00281EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 8:36 a.m.2 views

MAL-2025-192634 Malicious code in okta-mfa-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ebb2032d926e5816a1691e5d8260071225622a855da97c958eb62bdc038c6d9 The package okta-mfa-library was found to contain malicious code. Source: ghsa-malware 108be553f36138742a538cfeeead5e936c7b26a0ceeea8f626656acbf1bd47...

6.8AI score
Exploits0References1
NVD
NVD
added 2025/12/18 9:15 p.m.6 views

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

7.7CVSS0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/12/18 8:35 p.m.4 views

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

7.7CVSS5.5AI score0.00311EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/12/18 8:35 p.m.14 views

CVE-2025-62003

CVE-2025-62003 affects BullWall Server Intrusion Protection; a configuration-dependent delay before MFA check for RDP could allow a remote, authenticated attacker with administrative privileges to bypass detection during the delay. Affected versions: 4.6.0.0, 4.6.0.6, 4.6.0.7, 4.6.1.4 (other vers...

7.7CVSS6.3AI score0.00311EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52342

Name of the Vulnerable Software and Affected Versions BullWall versions 4.6.0.0 through 4.6.1.4 Description BullWall Server Intrusion Protection services start after login services. An attacker who is already authenticated and has administrative privileges can log in following a system boot,...

7.5CVSS6.7AI score0.00281EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

BullWall Server Intrusion Protection 安全漏洞

BullWall Server Intrusion Protection is a server security software from the Danish company BullWall. A security vulnerability exists in BullWall Server Intrusion Protection versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4, which stems from an improperly sequenced initialization of the service and...

7.7CVSS6.5AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.9 views

PT-2025-52341

Name of the Vulnerable Software and Affected Versions BullWall Server Intrusion Protection versions 4.6.0.0 through 4.6.1.4 Description BullWall Server Intrusion Protection exhibits a delay before Multi-Factor Authentication MFA is checked when connecting via Remote Desktop Protocol RDP. A remote...

7.5CVSS6.5AI score0.00311EPSS
Exploits0References6
NVD
NVD
added 2025/12/10 1:15 a.m.5 views

CVE-2025-67507

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...

8.1CVSS0.00307EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/12/08 11:58 a.m.7 views

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...

7.1AI score
Exploits0
Rows per page
Query Builder