73 matches found
EUVD-2001-1443
Malware in sbrugna...
EUVD-2001-1150
Malware in sbrugna...
EUVD-2013-4102
Malware in sbrugna...
EUVD-2018-0428
Malware in sbrugna...
EUVD-2025-4378
Malicious code in bioql PyPI...
EUVD-2025-12233
Malicious code in bioql PyPI...
PT-2025-30390 · WordPress · Orion Login With Sms
Name of the Vulnerable Software and Affected Versions: Orion Login with SMS plugin for WordPress versions up to and including 1.0.5. Description: The Orion Login with SMS plugin for WordPress is susceptible to authentication bypass due to insufficient security measures in the olws handle verify...
PT-2025-30272 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 21.0 MR2 21.0.2. Description: A command injection vulnerability exists in the WebAdmin component of Sophos Firewall. This issue can allow adjacent attackers to achieve pre-authentication code execution on High...
CVE-2025-48372
Schule before version 1.0.1 uses generateOTP() to create a 4-digit numeric OTP, yielding a small keyspace (1000–9999, i.e., 9000 possibilities) that is vulnerable to brute-force attacks if rate-limiting or lockout is absent. The issue is fixed in version 1.0.1. Connected sources corroborate the a...
CVE-2025-42600
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of the login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to...
CVE-2025-42600 Brute Force Attack Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of the login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to...
CVE-2025-42600
CVE-2025-42600 affects Meon KYC solutions and is tied to missing restrictions on the number of incorrect OTP attempts in certain login API endpoints. The vulnerability allows brute-forcing OTPs and could enable unauthorized access to other user accounts. Documented details consistently describe t...
PT-2025-17611 · Unknown · Meon Kyc Solutions
Name of the Vulnerable Software and Affected Versions: Meon KYC solutions, affected versions not specified. Description: The issue is caused by missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of the login process. A remote attacker could...
CVE-2025-1629
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...
CVE-2025-1629 Excitel Broadband Private my Excitel App One-Time Password excessive authentication
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...
CVE-2024-6637
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the...
OATH Toolkit: Privilege Escalation
Background: OATH Toolkit provides components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric...
[SECURITY] Fedora 41 Update: oath-toolkit-2.6.12-1.fc41
The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...