24 matches found

The Hacker News
• added 2026/01/21 3:42 p.m. • 8 views

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting...

CVSS 9.9 · AI score 7 · EPSS 0.12965
Exploits 0
RedhatCVE
• added 2026/01/07 9:10 a.m. • 12 views

CVE-2019-16766

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0...

CVSS 8.8 · AI score 6.8 · EPSS 0.01162
Exploits 0 · References 1
EUVD
• added 2025/10/07 12:30 a.m. • 3 views

EUVD-2013-4101

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01411
Exploits 0 · References 5
EUVD
• added 2025/10/03 8:07 p.m. • 6 views

EUVD-2025-6263

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 6.6 · EPSS 0.00409
Exploits 0 · References 1
EUVD
• added 2025/10/03 8:07 p.m. • 7 views

EUVD-2022-0533

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00738
Exploits 0 · References 8
RedhatCVE
• added 2025/06/23 8:38 a.m. • 7 views

CVE-2025-49591

CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...

CVSS 9.1 · AI score 7.3 · EPSS 0.00442
Exploits 1 · References 1
RedhatCVE
• added 2025/05/23 4:28 a.m. • 8 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 7.5 · AI score 7 · EPSS 0.00614
Exploits 0
RedhatCVE
• added 2025/05/23 3:38 a.m. • 7 views

CVE-2023-28862

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...

CVSS 9.8 · AI score 6.9 · EPSS 0.00957
Exploits 1 · References 1
RedhatCVE
• added 2025/05/22 8:04 a.m. • 7 views

CVE-2019-11576

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

CVSS 9.8 · AI score 6.7 · EPSS 0.01749
Exploits 0 · References 1
OpenVAS
• added 2025/05/20 12:00 a.m. • 11 views

Nextcloud Server Session Handling Vulnerability (GHSA-9h3w-f3h4-qqrh)

Nextcloud Server is prone to a session handling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.4 · AI score 6.9 · EPSS 0.00325
Exploits 0 · References 1
RedhatCVE
• added 2025/04/29 8:45 p.m. • 14 views

CVE-2025-3910

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. Mitigation: No current mitigations are available for this vulnerability...

CVSS 5.4 · AI score 5.3 · EPSS 0.00368
Exploits 0 · References 3
Tenable Nessus
• added 2025/04/17 12:00 a.m. • 23 views

Joomla! 4.x < 4.4.13 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.13 or 5.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities. - Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr metho...

CVSS 9.8 · AI score 9.9 · EPSS 0.00451
Exploits 0 · References 5
Tenable Nessus
• added 2025/04/17 12:00 a.m. • 16 views

Joomla! 5.x < 5.2.6 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.13 or 5.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities. - Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr metho...

CVSS 9.8 · AI score 9.9 · EPSS 0.00451
Exploits 0 · References 5
CVE
• added 2025/03/13 11:18 a.m. • 80 views

CVE-2025-29996

CVE-2025-29996 affects the CAP back office application. The issue is an improper implementation of the OTP verification in the API-based login, allowing a remote attacker with valid credentials to manipulate API requests to bypass 2FA for other user accounts. The core vulnerability is in the OTP/...

CVSS 8.2 · AI score 6.6 · EPSS 0.00409
Exploits 0 · References 1
RedhatCVE
• added 2025/02/16 12:18 p.m. • 4 views

CVE-2025-26522

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could...

CVSS 7.5 · AI score 6.9 · EPSS 0.00393
Exploits 0 · References 1
GithubExploit
• added 2025/02/14 1:42 p.m. • 377 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

WordPress CVE-2024-10924 Exploit 📌 Overview This repository...

CVSS 9.8 · AI score 7.5 · EPSS 0.81722
Exploits 21
NVD
• added 2025/02/14 12:15 p.m. • 13 views

CVE-2025-26522

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could...

CVSS 7.5 · EPSS 0.00393
Exploits 0 · References 1
NCSC
• added 2024/05/03 12:00 a.m. • 5 views

Vulnerabilities fixed in pgAdmin

Vulnerabilities have been fixed in pgAdmin. A malicious party could exploit the vulnerabilities to bypass any two-factor authentication that has been set up and gain access to the system, or to launch a cross-site scripting (XSS) attack. Such an attack can lead to...

CVSS 7.4 · AI score 7.4 · EPSS 0.00629
Exploits 1
Hacker One
• added 2024/05/01 9:22 p.m. • 19 views

HackerOne: Two-factor authentication bypass leads to information disclosure about the program and all participating hackers

Vulnerability description not provided...

AI score 7.1
Exploits 0
Positive Technologies
• added 2023/03/31 12:00 a.m. • 5 views

PT-2023-22013 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.16.1 Description: An issue was discovered in LemonLDAP::NG that allows attackers to bypass 2FA verification due to weak session ID generation in the AuthBasic handler and incorrect failure handling during a...

CVSS 9.8 · AI score 9.4 · EPSS 0.00957
Exploits 1 · References 19