26 matches found
CVE-2025-11500
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off, which is a default setting, an unauthenticated attacker on...
DRUPAL-CONTRIB-2025-061
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent one time login links from bypassing TFA. This vulnerability is mitigated by the fact that an attacker must have access to an email accou...
CVE-2025-46826 insa-auth Open-Redirect on provided CAS server login endpoint
insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited...
Syracom Secure Login Security Vulnerability
Syracom Secure Login is a secure login plugin from Syracom. A security vulnerability exists in Syracom Secure Login that stems from a secondary authentication that can be bypassed by interacting with the /rest endpoint...
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...
CVE-2024-20301
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...
CVE-2024-20301
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...
CVE-2024-20301
Cisco Duo Authentication for Windows Logon and RDP is affected by an authentication bypass vulnerability. The issue stems from failure to invalidate locally created trusted sessions after reboot, allowing an authenticated, physical attacker to bypass secondary authentication and access the Window...
CVE-2024-20301
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...
CVE-2024-20301
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...
Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...
Cisco Duo Security Vulnerability
Cisco Duo is a fully managed solution from Cisco, Inc. that provides secure access to your applications and data. An authentication bypass vulnerability exists in Cisco Duo that stems from the inability to disable locally created trusted sessions after an affected device reboots, which can be exploite...
CVE-2023-20199
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...
CVE-2023-20199
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...
Authentication flaw
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...
CVE-2023-20199 Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...
CVE-2023-20199
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...
Human Fraud: Detecting Them Before They Detect You
This is Part II of a two-part blog series taking readers inside the criminal enterprise that is account-takeover fraud. For part I, please click here. In my last blog, we focused on the initial phases of the account-takeover (ATO) kill chain – recon, weaponization and delivery – and how attackers...
CVE-2011-2054 Cisco ASA Secondary Authentication Bypass Vulnerability
A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerability is due to improper...
CVE-2011-2054 Cisco ASA Secondary Authentication Bypass Vulnerability
A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerability is due to improper...