Lucene search
K

7 matches found

FreeBSD
FreeBSD
added 2026/05/20 12:0 a.m.16 views

gitea -- multiple vulnerabilities

The Gitea team reports: CVE-2026-27783: incorrect read permission check CVE-2026-25714: public-only token filtering bypass CVE-2026-20706: missing token scope checking CVE-2026-27771: unauthenticated access to private container images CVE-2026-28744: git smart HTTP request scope bug CVE-2026-2869...

9.8CVSS6.1AI score0.40738EPSS
Exploits7References2
SUSE CVE
SUSE CVE
added 2026/05/12 3:58 a.m.4 views

SUSE CVE-2025-6015

Vault and Vault Enterprise's “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.7CVSS5.8AI score0.00286EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/24 3:18 p.m.23 views

CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS0.00258EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/06 12:44 a.m.29 views

CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...

6.5CVSS0.00321EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.5 views

PT-2025-37762

Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Liferay DXP versions 7.3 GA through update 35 Liferay DXP versions 7.4 GA through update 92 Description: The software allows a time-based one-time password TOTP to...

2.1CVSS6.6AI score0.00165EPSS
Exploits0References7
OSV
OSV
added 2025/08/05 8:53 a.m.8 views

BIT-VAULT-2025-6015 Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse

Vault and Vault Enterprise’s “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.7CVSS6.2AI score0.00286EPSS
Exploits0References2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/01 5:28 p.m.7 views

Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse

Summary Vault and Vault Enterprise’s “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. This vulnerability, CVE-2025-6015, is fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. Background Vault’s login MFA is the...

5.7CVSS6.4AI score0.00286EPSS
Exploits0Affected Software1
Rows per page
Query Builder