48 matches found
Race Condition
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Race Condition due to a race condition in the login process. An attacker can obtain multiple valid session tokens by...
CVE-2023-49032
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone...
Improper Control of Interaction Frequency
Overview: django-phone-verify is a Django app to support phone number verification using a security code sent via SMS. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to the absence of failed attempt tracking and lockout mechanisms in the...
EUVD-2018-19673
Malware in sbrugna...
EUVD-2023-53056
Malicious code in bioql PyPI...
EUVD-2024-45488
Malicious code in bioql PyPI...
EUVD-2025-13277
Malicious code in bioql PyPI...
CVE-2023-42571
Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device...
CVE-2025-32888
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...
CVE-2025-32888
GoTenna Mesh CVE-2025-32888 affects devices running app 5.5.3 with firmware 1.1.12, where the verification token used for sending SMS through a goTenna server is hardcoded in the app. Reported impact indicators show high severity (CVSS v3.1: base score 8.8) with confidentiality, integrity, and av...
CVE-2024-51688
Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification (fraudlabs-pro-sms-verification) allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from n/a through <= 1.10.1...
CVE-2024-51688 WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification (fraudlabs-pro-sms-verification) allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from n/a through <= 1.10.1...
CVE-2024-51688
CVE-2024-51688 — FraudLabs Pro SMS Verification (WordPress) A CSRF-induced Cross‑Site Scripting vulnerability exists in the FraudLabs Pro SMS Verification WordPress plugin for versions up to 1.10.1. The issue allows a stored XSS payload to be injected and persisted via a CSRF context. Reported un...
PT-2024-34834 · Fraudlabs Pro · Fraudlabs Pro Sms Verification
Name of the Vulnerable Software and Affected Versions: FraudLabs Pro SMS Verification versions 1.10.1 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue exists in FraudLabs Pro SMS Verification, allowing Stored XSS. Recommendations: For versions 1.10.1 and earlier, update to a versi...
Crooks bank on Microsoft’s search engine to phish customers
We identified a new wave of phishing for banking credentials that targets consumers via Microsoft's search engine. A Bing search query for 'Keybank login' currently returns malicious links on the first page, and sometimes as the top search result. We have reported the fraudulent sites to Microsof...
WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin FraudLabs Pro SMS Verification (versions <= 1.10.1)...
WordPress FraudLabs Pro SMS Verification Plugin <= 1.10.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: FraudLabs Pro SMS Verification; Type: Plugin; Vulnerable versions: <= 1.10.1; Fixed in: 1.10.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51688; Patch priority: Low; CVSS severity: Low 7.1; PSID: 7924a0d6c9b2; Credits...