Lucene search
K

1238 matches found

NVD
NVD
added yesterday6 views

CVE-2026-55370

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-55370

Technical details about CVE-2026-55370 are not publicly available in the provided documents. Monitor for updates.

6.4CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday26 views

CVE-2026-55370 Logto: TOTP code can be replayed within the RFC 6238 validity window (one-time use violation)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS
Exploits0References4
CVE
CVE
added 4 days ago11 views

CVE-2026-48949

CVE-2026-48949 affects Joomla! Core — XSS in MFA method management due to lack of input validation in MFA management views. Affected component: core MFA method management in Joomla. Root cause: insufficient validation enabling cross-site scripting. Impact: XSS in MFA management interfaces; exact ...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 4 days ago7 views

CVE-2026-48949 Joomla! Core - [20260703] - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42060

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-48949 Joomla! Core - [20260703] - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 4 days ago17 views

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a...

6.1AI score
Exploits0
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

0.00231EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41905

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

6AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-14536

CVE-2026-14536 affects Devolutions Server 2026.2.9.0. The issue is improper enforcement of a mandatory multi-factor authentication policy, allowing an attacker with valid credentials to bypass MFA and authenticate without completing MFA due to an invalid default MFA value. The available sources d...

8.8CVSS6AI score0.00231EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-55970

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.9.0 Description Improper enforcement of a mandatory multi-factor authentication policy allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/07/01 5:46 a.m.15 views

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface CLI, compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range 2a0a:d683::/32 controlled by...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

7.7CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.17 views

CVE-2026-56350

CVE-2026-56350 affects n8n prior to 2.8.0. The vulnerability is an authentication bypass that allows authenticated SSO users to disable SSO enforcement via the API, enabling creation of local password credentials to authenticate directly and bypass organizational SSO policies and identity-provide...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54039

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.8.0 Description An authentication bypass exists that allows authenticated Single Sign-On SSO users to disable SSO enforcement via the API. This allows attackers to create local password credentials to authenticate...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:45 p.m.7 views

EUVD-2026-38392

Filament: Multi-factor authentication app recovery codes can still be used multiple times via concurrent submission...

7.4CVSS5.8AI score0.00193EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

pgAdmin < 9.16 Stored XSS / Open Redirect

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by multiple vulnerabilities: - Text returned by a PostgreSQL server, including error messages, quoted object names, and EXPLAIN fields, is passed verbatim through html-react-parser at every user-facin...

9.3CVSS7.3AI score0.00218EPSS
Exploits0References5
Rows per page
Query Builder