CVE-2026-24038

Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...

CVE-2024-10122 Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...

CVE-2024-10122

CVE-2024-10122 affects Topdata Inner Rep Plus WebServer 2.01, specifically the Operator Details Form’s /InnerRepPlus.html function. Connected PT-2024-16045 confirms a vulnerability due to missing password field masking, enabling remote attacks. Vendor response unavailable. Practical impact stated...

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/...