24 matches found
EUVD-2021-1973
Malware in sbrugna...
EUVD-2019-16761
Malware in sbrugna...
CVE-2025-7382
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled...
CVE-2025-7382
Summary (CVE-2025-7382): A command-injection vulnerability exists in the WebAdmin component of Sophos Firewall versions older than 21.0 MR2 (21.0.2). If OTP authentication for the admin user is enabled, adjacent attackers can achieve pre-auth code execution on High Availability (HA) auxiliary de...
CVE-2021-22189
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues...
Exploit for CVE-2025-4094
CVE-2025-4094 – WordPress Digits Plugin This method is usefu...
CVE-2024-54294
Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass. This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1...
CVE-2024-54294 WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass. This issue affects Firebase OTP Authentication: from n/a through 1.0.1...
CVE-2024-54294 WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass. This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1...
WordPress plugin Firebase OTP Authentication security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-51558
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain...
GHSA-RMMC-8CQJ-HFP3 Authentication Bypass in otpauth
Versions of otpauth prior to 3.2.8 are vulnerable to Authentication Bypass. The package's totp.validate function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens. Recommendation...
CVE-2020-1744
A flaw was found in Keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle these events...
CVE-2020-1744
CVE-2020-1744 – Keycloak before 9.0.1: A flaw in configuring a Conditional OTP Authentication Flow as a post-login flow causes failure login events for OTP not to be sent to the brute force protection event queue, so BruteForceProtector does not handle these events. Affected product: Keycloak (ve...
CVE-2020-1744
A flaw was found in Keycloak. BruteForceProtector does not handle Conditional OTP Authentication Flow login failure events due to these events not being sent to the brute force protection event queue. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
Authentication Bypass
Overview Versions of otpauth prior to 3.2.8 are vulnerable to Authentication Bypass. The package's totp.validate function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens...
Unspecified vulnerability in BHIM application for Android (CNVD-2019-41447)
BHIM application for Android is an Android platform based mobile payment application by National Payments India. A security vulnerability exists in the National Payments Corporation in version 1.3 of the India BHIM application for Android-based platform, which stems from the program's reliance on...