182 matches found
CVE-2025-12628
CVE-2025-12628 concerns the WordPress plugin “WP 2FA” where backup codes are generated with insufficient entropy, enabling brute-force attempts to bypass the second factor. Affected software: WP 2FA (Two-factor authentication for WordPress) — versions up to 3.0.0 (per enrichment). Root cause: bac...
PT-2025-47905
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...
WordPress plugin WP 2FA 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Zitadel May Bypass Second Authentication Factor
Summary A vulnerability in Zitadel's token verification prematurely marked sessions as authenticated when only one factor was verified. Impact Zitadel provides an API for managing sessions, enabling custom login experiences in a dedicated UI or direct integration into applications. Session Tokens...
CVE-2025-64103 Zitadel Bypass Second Authentication Factor
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as...
CVE-2025-64103 Zitadel Bypass Second Authentication Factor
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as...
EUVD-2019-16041
Malware in sbrugna...
EUVD-2019-6574
Malware in sbrugna...
USN-7806-1 pam-u2f vulnerability
It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...
USN-7806-1: PAM/U2F vulnerability
It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...
EUVD-2025-18400
Malicious code in bioql PyPI...
EUVD-2025-27406
Malicious code in bioql PyPI...
EUVD-2025-19010
Malicious code in bioql PyPI...
EUVD-2023-45258
Malicious code in bioql PyPI...
EUVD-2023-44927
Malicious code in bioql PyPI...
EUVD-2021-9222
Malicious code in bioql PyPI...
EUVD-2025-6203
Malicious code in bioql PyPI...
EUVD-2021-30021
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-28833
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of seco...
Proxmox Virtual Environment 安全漏洞
Proxmox Virtual Environment Proxmox VE is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability exists in Proxmox Virtual Environment version 8.4, which stems from a U2F Origin field stored cross-site scripting vulnerability that could lead to...