40 matches found
EUVD-2020-19927
Malware in sbrugna...
EUVD-2020-2646
Malware in sbrugna...
EUVD-2025-14224
Malicious code in bioql PyPI...
EUVD-2024-42269
Malicious code in bioql PyPI...
EUVD-2024-45399
Malicious code in bioql PyPI...
EUVD-2025-4208
Malicious code in bioql PyPI...
CVE-2024-47086
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API...
CVE-2024-51561
This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process...
CVE-2024-48143
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders...
CVE-2025-4094
The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to brute-force them...
CVE-2020-27416
Mahavitaran Android application 7.50 and prior are affected by account takeover due to improper OTP validation, which allows remote attackers to control a user's account...
CVE-2020-24359
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...
PT-2025-22323 · WordPress · Digits: Wordpress Mobile Number Signup/Login
Name of the Vulnerable Software and Affected Versions: The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin versions prior to 8.4.6.1
Description: The issue concerns the lack of rate limiting for OTP validation attempts, making it possible for attackers to brute force them...
CVE-2025-3876
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with...
CVE-2025-3876
CVE-2025-3876 affects SMS Alert Order Notifications – WooCommerce (WordPress). The vulnerability is a Privilege Escalation due to insufficient OTP validation in handleWpLoginCreateUserAction(), affecting all versions up to 3.8.1. Authenticated users with Subscriber+ access can impersonate other a...
PT-2025-20621 · WordPress · Sms Alert Order Notifications
Name of the Vulnerable Software and Affected Versions: SMS Alert Order Notifications – WooCommerce plugin for WordPress versions up to, and including, 3.8.1
Description: The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient...
CVE-2025-26522
This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could...