1357 matches found
CVE-2025-67070
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to th...
CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...
CVE-2025-67070
The CVE-2025-67070 entry concerns Intelbras CFTV IP NVD 9032 R Ftd, v2.800.00IB00C.0.T, where an unauthenticated attacker can bypass MFA during password recovery, enabling the attacker to change the admin password and gain full access to the admin panel. Affected components/versions are consisten...
Intelbras CFTV IP NVD 9032 R Ftd Security Vulnerability
Intelbras CFTV IP NVD 9032 R Ftd is a network video recorder from Intelbras, Brazil. A security vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which stems from a multi-factor authentication mechanism that can be bypassed, potentially resulting in elevated privileges...
Lone Hacker Used Infostealers to Access Data at 50 Global Companies
A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett & Associates, by using stolen passwords and a lack of MFA...
Security Advisory: Credential Theft Incidents - ownCloud
Comprehensive MFA options with administrative controls to enforce policies organization-wide, plus alerts when risky settings are used; Embedded network and web application firewalls that are pre-configured and continuously updated—no customer maintenance required; Zero-trust architecture with...
SUSE CVE-2025-67495
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the postlogoutredirect GET parameter. As a result, unauthenticate...
PT-2025-54218
Name of the Vulnerable Software and Affected Versions: FortiOS (affected versions not specified). Description: A flaw in FortiOS allows bypassing of multi-factor authentication (MFA) through manipulation of username case. This issue is currently being exploited. The exploitation involves tricking the...
CVE-2025-62004
BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...
CVE-2025-62003
BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...
CVE-2025-62004 BullWall Server Intrusion Protection (SIP) initialization race condition
BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...
CVE-2025-62003 BullWall Server Intrusion Protection RDP MFA connection delay
BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...
BullWall Server Intrusion Protection Security Vulnerability
BullWall Server Intrusion Protection is a server security software from the Danish company BullWall. A security vulnerability exists in BullWall Server Intrusion Protection versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4, which stems from a delayed MFA check and could lead to a privileged attacke...
Security by Design: Why Multi-Factor Authentication Matters More Than Ever
In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational - embedded into products and service...
Improper Authentication Control
Filament is vulnerable to improper authentication control. The vulnerability is due to improper handling of app-based MFA recovery codes, which allows an attacker to reuse the same recovery code indefinitely to bypass authentication...