Lucene search

25 matches found

RedhatCVE
added 2026/01/09 11:21 a.m. | 5 views

CVE-2021-22057

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify...

CVSS 8.8 | AI score 7.1 | EPSS 0.00498
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:55 a.m. | 6 views

CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...

CVSS 9.8 | AI score 9.7 | EPSS 0.40452
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-16041

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00677
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-6574

Malware in sbrugna...

CVSS 5.5 | AI score 5.3 | EPSS 0.00107
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-45258

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-44927

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-9222

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.00498
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-6203

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 6.6 | EPSS 0.00059
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-30021

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.2 | EPSS 0.00221
Exploits: 0 | References: 1

OSV
added 2025/06/16 8:57 p.m. | 3 views

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVSS 4.9 | AI score 6.5 | EPSS 0.00201
Exploits: 0 | References: 7

Cvelist
added 2025/06/16 8:57 p.m. | 9 views

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVSS 4.9 | EPSS 0.00201
Exploits: 0 | References: 5

CNNVD
added 2025/06/16 12:0 a.m. | 1 view

Weblate security vulnerability

Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12, which stems from a failure to rate-limit second-factor authentication and could lead to OTP guessing...

CVSS 4.9 | AI score 6.5 | EPSS 0.00201
Exploits: 0 | References: 6

OSV
added 2025/05/07 5:7 p.m. | 4 views

DRUPAL-CONTRIB-2025-055

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...

CVSS 6.5 | AI score 6.9 | EPSS 0.0023
Exploits: 0 | References: 1

Drupal
added 2025/05/07 12:0 a.m. | 5 views

Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't invoke two factor authentication 2FA for the password reset option. This vulnerability is mitigated by the fact that an attacker must have access to the password reset link...

CVSS 7.5 | AI score 5.7 | EPSS 0.00197
Exploits: 0 | References: 3

RedhatCVE
added 2025/03/08 1:27 a.m. | 8 views

CVE-2025-25450

An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint...

CVSS 5.1 | AI score 7.4 | EPSS 0.00059
Exploits: 1 | References: 1

Cvelist
added 2025/03/06 12:0 a.m. | 6 views

CVE-2025-25450

An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint...

EPSS 0.00059
Exploits: 1 | References: 1

Debian
added 2025/02/03 8:14 a.m. | 10 views

[SECURITY] [DLA 4040-1] pam-u2f security update

Debian LTS Advisory DLA-4040-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 03, 2025 https://wiki.debian.org/LTS ...

CVSS 7.3 | AI score 6.7 | EPSS 0.00033
Exploits: 0

NVD
added 2024/07/09 4:15 p.m. | 3 views

CVE-2023-40702

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...

CVSS 7.7 | EPSS 0.00208
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 3:38 p.m. | 15 views

CVE-2023-40356 PingOne MFA Integration Kit MFA bypass

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...

CVSS 8.7 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1

Cvelist
added 2023/10/24 7:56 p.m. | 15 views

CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...

CVSS 7.3 | AI score 7.4 | EPSS 0.00145
Exploits: 0 | References: 2