Lucene search
K

1241 matches found

cnnvd
cnnvd
added 2026/05/22 12:0 a.m.10 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There were security vulnerabilities in the Devolutions Server version 2026.1.6.0 to 2026.1.16.0. These vulnerabilities...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References1
thn
thn
added 2026/05/18 1:0 p.m.14 views

How to Reduce Phishing Exposure Before It Turns into Business Disruption

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread...

5.9AI score
Exploits0
hackread
hackread
added 2026/05/15 10:30 a.m.30 views

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts...

5.9AI score
Exploits0
redhatcve
redhatcve
added 2026/05/12 8:22 p.m.8 views

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.7AI score0.00162EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/12 1:34 p.m.8 views

CVE-2026-43930

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...

2.1CVSS5.8AI score0.00236EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/05/12 1:34 p.m.22 views

CVE-2026-43930

CVE-2026-43930 affects Parse Server. A race condition in the MFA SMS OTP login path before 8.6.76 and 9.9.0-alpha.2 can allow two concurrent /login requests carrying the same OTP to succeed, producing two valid session tokens. Impact is breaking single-use OTP; attacker must already know the vict...

5.9CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/05/08 11:16 p.m.21 views

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS0.00162EPSS
Exploits0References2
cve
cve
added 2026/05/08 9:59 p.m.21 views

CVE-2026-44987

SysReptor (fully customizable pentest reporting platform) has a privilege-escalation issue in versions before 2026.29: users with User Admin permissions can change the emails of users with Superuser permissions. If the installed forgot-password feature is enabled (non-default), these users can re...

3.8CVSS5.7AI score0.00162EPSS
Exploits0References2
joomla
joomla
added 2026/05/07 12:0 a.m.6 views

[20260703] - Core - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
thn
thn
added 2026/05/06 1:0 p.m.15 views

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

The Iranian state-sponsored hacking group known as MuddyWater aka Mango Sandstorm, Seedworm, and Static Kitten has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social...

5.8AI score
Exploits0
cvelist
cvelist
added 2026/05/05 12:28 p.m.41 views

CVE-2026-28510 elabftw allows MFA bypass during login

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS0.00254EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/05 12:28 p.m.9 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/05 12:28 p.m.12 views

CVE-2026-28510 elabftw allows MFA bypass during login

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.11 views

PT-2026-37035

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.4.2 Description The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentia...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/05/05 12:0 a.m.8 views

eLabFTW 安全漏洞

eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...

5.9CVSS5.9AI score0.00254EPSS
Exploits0References2
talosblog
talosblog
added 2026/04/21 12:0 p.m.14 views

Phishing and MFA exploitation: Targeting the keys to the kingdom

In 2025, attackers increasingly targeted weaknesses in multi-factor authentication MFA workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations. Phishi...

5.8AI score
Exploits0
githubexploit
githubexploit
added 2026/04/19 7:34 a.m.133 views

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated A working pro...

5.8AI score
Exploits0
veracode
veracode
added 2026/04/10 4:13 p.m.4 views

Improper Authentication

github.com/zitadel/zitadel is vulnerable to improper authentication. The vulnerability is due to MFA being enforced only when explicitly required by policy, which allows an attacker to bypass additional authentication factors and exploit weaker single-factor sessions, potentially compromising...

9.8CVSS5.8AI score0.00336EPSS
Exploits0References3Affected Software1
packetstormnews
packetstormnews
added 2026/04/10 12:0 a.m.4 views

S3CDM: A Secret-Sharing-Scheme-Based Cyberattack Detection Model and Its Simulation Implementation

We design and develop a secret-sharing-scheme-based cyberattack detection modelS3CDMthat can detect unauthorized or illegal activities especially insider attacks and protect sensitive information within complex network infrastructures of large organizations. The model splits a secret among a grou...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/04/02 4:56 p.m.5 views

CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

5CVSS5.9AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder