Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/20 12:14 a.m.5 views

CVE-2026-56212

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.32 views

CVE-2026-56212 Capgo - Improper 2FA Enforcement Logic via Team Security Settings

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.27 views

CVE-2026-56212

Capgo has a authentication logic flaw where a user who can manage team/organization security settings can enable mandatory 2FA for all members without validating their own 2FA status. This may lead to inconsistent security enforcement, administrative misuse, and potential lockout risk for team me...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51042

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication logic flaw exists where a user authorized to manage team or organization security settings can enforce mandatory two-factor authentication 2FA for all team members without having 2...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-0685

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00331EPSS
Exploits0References3
Circl
Circl
added 2024/10/03 9:38 p.m.8 views

CVE-2024-41592

creationtimestamp| type| source ---|---|--- 2024-10-03 21:38:19+00:00| seen| https://t.me/cvedetector/6931 2024-12-16 13:40:18+00:00| seen| https://t.me/truesecator/6544 2025-01-10 22:09:32+00:00| seen| https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lfg7gqembb2q...

8CVSS7.9AI score0.01397EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/27 2:44 p.m.14 views

CVE-2023-27263 IDOR: Accessing playbook runs via the Playbooks Runs API

A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of...

4.3CVSS6.7AI score0.00499EPSS
Exploits0References1
Huntr
Huntr
added 2022/08/15 1:27 p.m.30 views

Improper Authorization lead a user add an arbitrary agent into Team

Description A Vulnerability in edit team function lead an user add another user via ID to Team, alternatively know the email of every user in Chatwoot Step to reproduce - login to the app -navigate to the Team setting: https://app.chatwoot.com/app/accounts/id/settings/teams/list -Create new or ed...

5.5CVSS6.9AI score0.00512EPSS
Exploits1
Fedora
Fedora
added 2022/04/28 5:53 a.m.24 views

[SECURITY] Fedora 35 Update: gopass-1.13.1-2.fc35

The slightly more awesome standard unix password manager for teams...

7.5CVSS1.4AI score0.03931EPSS
Exploits0
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.606 views

Joomla! paGO Commerce 2.5.9.0 SQL Injection

Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/02/18 4:30 p.m.64 views

A week in security (February 11 – 17)

Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Linux-HA Heartbeat 1.2.3/2.0.x Insecure Default Permissions on Shared Memory Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19186/info Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service. Exploitation would most likely result in a system crash, loss of data, a...

7.1AI score
Exploits0
Dsquare
Dsquare
added 2012/02/01 12:0 a.m.73 views

Joomla Component com_jr_tfb LFI

A simple LFI Vulnerability Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

0.9AI score
Exploits0References1
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.34 views

Linux-HA Heartbeat Insecure Default Permissions on Shared Memory Vulnerability

No description provided by source. / Intruders Tiger Team Security http://www.intruders.org.br/ Heartbeat 2.0.6 Insecure Shared Memory - Local Denial of Service. Credits: Yan Rong Ge, see link below: http://secunia.com/advisories/21162/ Tested on Heartbeat 2.0.5. Thanks for Wendel Guglielmetti,...

7.1AI score
Exploits0
Rows per page
Query Builder