CVE-2026-43930 Parse Server: MFA SMS one-time password accepted twice under concurrent login

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...

CVE-2025-9967

CVE-2025-9967 concerns the WordPress plugin Orion SMS OTP Verification. The vulnerability is an authentication bypass enabling privilege escalation via account takeover in versions

WordPress SMS OTP Easy Login with Mocean Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software SMS OTP Easy Login with Mocean Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f36dc3803d0f Credits Rafie Muhammad...

How to change SMS OTP passcode length

This article introduces how to change the length of SMS OTP password...

Mail.ru: Full account takeover am.ru

m.am.ru had no sufficient protection against bruteforce for SMS OTP. am.ru is not currently covered by Bug Bounty program...