1365 matches found
EUVD-2025-198648
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido,...
CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...
CVE-2025-12628
CVE-2025-12628 concerns the WordPress plugin “WP 2FA” where backup codes are generated with insufficient entropy, enabling brute-force attempts to bypass the second factor. Affected software: WP 2FA (Two-factor authentication for WordPress) — versions up to 3.0.0 (per enrichment). Root cause: bac...
EUVD-2025-198602
Malicious code in lion-second-package npm...
Malicious code in lion-second-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0070c2e566c699a1be9bf159d90a6b42fad16d6c4f74b7315c262ed5e5897f09 The package lion-second-package was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview lion-second-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-190625 Malicious code in lion-second-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0070c2e566c699a1be9bf159d90a6b42fad16d6c4f74b7315c262ed5e5897f09 The package lion-second-package was found to contain malicious code. Source: ghsa-malware...
PT-2025-47905
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...
WordPress plugin WP 2FA security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist's agent-to-agen...
kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling. This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class when...
A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch
When high-stakes events meet unprecedented attack volumes, disruption can be devastating. A Turkish luxury retail platform experienced this firsthand when it was hit with a record-breaking application-layer DDoS attack, peaking at 14.2 million requests per second (RPS). This marks the largest DDoS...
EUVD-2024-55078
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country,...
CVE-2025-64292
creationtimestamp | type | source
---|---|---
2025-11-13 10:19:38+00:00 | seen | https://gist.github.com/Darkcrai86/3f2e71dd0871da43af5244fe91af3988
2025-11-13 11:30:30+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5j2tx6a3p22
2025-11-13 13:37:06+00:00 | seen | ...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990612)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990612 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations. Macro NILFS_SB2_OFFSET_BYTES, which...
GO-2025-4083 Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel
Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, pleas...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989508)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989508 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption. Usually there is only one llcc...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990087)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990087 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption. Usually there is only one llcc...