Lucene search

8 matches found

Snyk
added 2026/04/10 3:34 p.m., 4 views

Brute Force

Overview: Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

CVSS 8.2, AI score 5.8, EPSS 0.00056
Exploits 1, References 2
OSV
added 2026/03/27 7:14 a.m., 1 views

BIT-PARSE-2026-33627 Parse Server: Auth data exposed via /users/me endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.61 and 9.6.0, an authenticated user calling GET /users/me receives unsanitized auth data, including sensitive credentials such as MFA TOTP secrets and recovery codes. The...

CVSS 7.1, AI score 5.8, EPSS 0.00039
Exploits 0, References 6
EUVD
added 2026/03/24 8:17 p.m., 1 views

EUVD-2026-14980

Parse Server exposes auth data via /users/me endpoint...

CVSS 7.1, AI score 5.8, EPSS 0.00039
Exploits 0, References 5
OSV
added 2026/03/24 8:17 p.m., 2 views

GHSA-37MJ-C2WF-CX96 Parse Server exposes auth data via /users/me endpoint

Impact: An authenticated user calling GET /users/me receives unsanitized auth data, including sensitive credentials such as MFA TOTP secrets and recovery codes. The endpoint internally uses master-level authentication for the session query, and the master context leaks through to the user data,...

CVSS 7.1, AI score 5.8, EPSS 0.00039
Exploits 0, References 7
Cvelist
added 2024/09/17 5:12 p.m., 24 views

CVE-2024-8796 Insufficient Default OTP Shared Secret Length

Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...

CVSS 6, EPSS 0.00245
Exploits 0, References 1
The Hacker News
added 2023/04/25 4:33 a.m., 3 views

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and...

AI score 6.7
Exploits 0
The Hacker News
added 2022/08/10 10:13 a.m., 32 views

Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

Web infrastructure company Cloudflare on Tuesday disclosed that at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics to those of the sophisticated phishing attack against Twilio. The attack, which transpired around the...

AI score 0.2
Exploits 0
Malwarebytes
added 2021/09/30 11:11 a.m., 28 views

Telegram-powered bots circumvent 2FA

Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. But where users put up walls, you can be sure there are cybercriminals trying to break them down. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick o...

AI score 0.3
Exploits 0