Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting...
CVE-2019-16766
When using wagtail-2fa before 1.3.0, if an attacker gains access to a user's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0...
EUVD-2013-4101
Malware in sbrugna...
EUVD-2025-6263
Malicious code in bioql PyPI...
EUVD-2022-0533
Malicious code in bioql PyPI...
CVE-2025-49591
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
CVE-2023-28862
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...
CVE-2019-11576
Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...
Nextcloud Server Session Handling Vulnerability (GHSA-9h3w-f3h4-qqrh)
Nextcloud Server is prone to a session handling vulnerability...
CVE-2025-3910
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. Mitigation: No current mitigations are available for this vulnerability...
Joomla! 4.x < 4.4.13 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.13 or 5.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities. - Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr metho...
Joomla! 5.x < 5.2.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.13 or 5.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities. - Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr metho...
CVE-2025-29996
CVE-2025-29996 affects the CAP back office application. The issue is an improper implementation of the OTP verification in the API-based login, allowing a remote attacker with valid credentials to manipulate API requests to bypass 2FA for other user accounts. The core vulnerability is in the OTP/...
CVE-2025-26522
This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
WordPress CVE-2024-10924 Exploit. Overview: This repository...
Vulnerabilities fixed in pgAdmin
Vulnerabilities have been fixed in pgAdmin. A malicious party could exploit the vulnerabilities to bypass any configured two-factor authentication and gain access to the system, or to launch a Cross-Site-Scripting (XSS) attack. Such an attack can lead to...
HackerOne: Two-factor authentication bypass leads to information disclosure about the program and all participating hackers
Vulnerability description not provided...
PT-2023-22013 · Unknown · LemonLDAP::NG
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.16.1 Description: An issue was discovered in LemonLDAP::NG that allows attackers to bypass 2FA verification due to weak session ID generation in the AuthBasic handler and incorrect failure handling during a...