Lucene search
K

1380 matches found

CVE
CVE
added 2026/05/28 4:19 p.m.15 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that bypasses MFA. The binding-rule path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable, so users authenticating through this path are logged in without MFA enforcement...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44420

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.9AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2
CERT
CERT
added 2026/05/28 12:0 a.m.11 views

Casdoor contains multiple authentication bypass and access management vulnerabilities

Overview Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language SAML processing, account binding, and token exchange...

9.8CVSS5.9AI score0.0042EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/27 11:41 a.m.13 views

Kali365 phishing kit bypasses MFA and steals Microsoft logins

When the Federal Bureau of Investigation FBI publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service PhaaS platform that helps even low‑skilled attackers hijack Microsoft 365...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/26 4:45 p.m.7 views

CVE-2026-48896 Joomla! Core - [20260511] - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00297EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 4:44 p.m.30 views

CVE-2026-48897

CVE-2026-48897 relates to the Joomla! Core MFA authentication bypass. The issue is caused by insufficient state checks and, per the linked Joomla security advisory and NVD record, a vector that bypasses 2FA. Consequences stated include high impact on integrity with no confidentiality/availability...

8.2CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/26 4:44 p.m.40 views

CVE-2026-48897 Joomla! Core - [20260512] - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

8.2CVSS0.00211EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/26 10:30 a.m.28 views

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

Multi-factor authentication MFA was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal...

5.9AI score
Exploits0
CheckPoint Security
CheckPoint Security
added 2026/05/24 12:0 a.m.10 views

CVE-2026-48136 - Authenticated Administrator Role-Based Access Control Bypass in Compliance

Symptoms - When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access...

4.1CVSS5.8AI score0.04102EPSS
Exploits0
NVD
NVD
added 2026/05/22 4:16 p.m.9 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

7.6CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 3:18 p.m.20 views

CVE-2026-9047

CVE-2026-9047 concerns Devolutions Server for versions 2026.1.6.0 through 2026.1.16.0. The issue is described as improper handling of factor key state in the multi‑factor authentication management feature, enabling an attacker who knows a user’s password to bypass MFA after the user reconfigures ...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/22 3:18 p.m.8 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:18 p.m.8 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

5.8AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 3:18 p.m.9 views

EUVD-2026-31450

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:18 p.m.7 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There were security vulnerabilities in the Devolutions Server version 2026.1.6.0 to 2026.1.16.0. These vulnerabilities...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.10 views

PT-2026-42788

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

5.8AI score0.00215EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/19 11:30 a.m.15 views

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 1:0 p.m.14 views

How to Reduce Phishing Exposure Before It Turns into Business Disruption

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread...

5.9AI score
Exploits0
Rows per page
Query Builder