15 matches found
EUVD-2021-12784
Malware in sbrugna...
EUVD-2024-37392
Malicious code in bioql PyPI...
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...
CVE-2025-30236
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code skipping a password check if an HTTP POST request contains a SESSION parameter...
CVE-2024-38523
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...
Migration of Android Devices registered via GCM to FCM
There is no automatic update from Azure Notification Hub or Google Push Notification Service to migrate Android clients from the FCM legacy protocol to the latest FCMv1 protocol. As a result, affected users will need to manually re-register their devices with NetScaler Gateway. Please refer to th...
HackerOne: TOTP Authenticator implementation Accepts Expired Codes
Vulnerability description not provided...
CVE-2024-38523
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...
CVE-2024-38523 Hush Line OTP issue
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...
CVE-2024-38523
Hush Line vulnerability CVE-2024-38523 affects the Hush Line OTP flow. The issue is a lack of 2FA for changing security settings, enabling an attacker using CSRF or XSS primitives to alter settings without user interaction and credentials being required. The problem is mitigated in version 0.10. ...
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...
Cross site scripting
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...