CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

CVE-2025-12628

CVE-2025-12628 concerns the WordPress plugin “WP 2FA” where backup codes are generated with insufficient entropy, enabling brute-force attempts to bypass the second factor. Affected software: WP 2FA (Two-factor authentication for WordPress) — versions up to 3.0.0 (per enrichment). Root cause: bac...

CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

PT-2025-47905

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

WordPress plugin WP 2FA 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

Zitadel May Bypass Second Authentication Factor

Summary A vulnerability in Zitadel's token verification prematurely marked sessions as authenticated when only one factor was verified. Impact Zitadel provides an API for managing sessions, enabling custom login experiences in a dedicated UI or direct integration into applications. Session Tokens...

CVE-2025-64103 Zitadel Bypass Second Authentication Factor

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as...

CVE-2025-64103 Zitadel Bypass Second Authentication Factor

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as...

EUVD-2019-6574

Malware in sbrugna...

EUVD-2019-16041

Malware in sbrugna...

USN-7806-1: PAM/U2F vulnerability

It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

USN-7806-1 pam-u2f vulnerability

It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

EUVD-2025-19010

Malicious code in bioql PyPI...

EUVD-2025-6203

Malicious code in bioql PyPI...

EUVD-2021-9222

Malicious code in bioql PyPI...

EUVD-2023-45258

Malicious code in bioql PyPI...

EUVD-2021-30021

Malicious code in bioql PyPI...

EUVD-2023-44927

Malicious code in bioql PyPI...

EUVD-2025-27406

Malicious code in bioql PyPI...

EUVD-2025-18400

Malicious code in bioql PyPI...