2500 matches found
CVE-2026-48896 Joomla! Core - [20260511] - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
CVE-2026-48896
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
EUVD-2026-31890
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
CVE-2026-48896
CVE-2026-48896 affects Joomla! Core MFA authentication, caused by insufficient state checks that allow bypassing 2FA. The CVE entry cites a 2FA bypass vector with high impact ( Confidentiality/Integrity/Availability as noted in the CVSS data: integrity impact HIGH, others NONE/NEGLIGIBLE). Connec...
CVE-2026-48897
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
CVE-2026-48897 Joomla! Core - [20260512] - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
EUVD-2026-31883
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
PT-2026-43314
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficient state checks create a vector that allows the bypass of two-factor authentication 2FA checks. Recommendations At the moment, there is no information...
PT-2026-43315
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficient state checks create a vector that allows the bypass of two-factor authentication 2FA checks. Recommendations At the moment, there is no information...
Joomla! CMS 授权问题漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has authorization-related vulnerabilities, which stem from insufficient state checks, allowing bypasses of 2FA authentication...
Joomla! CMS 授权问题漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has authorization-related vulnerabilities, which stem from insufficient state checks, allowing bypasses of 2FA authentication...
Linux Distros Unpatched Vulnerability : CVE-2026-39828
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially droppin...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...
Malicious code in @asura21232/fca-unofficial-nextgen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30540a72a722c901403164aeb090ca99999d3be2cc4d9e9f3ad99ef319fc2db2 This package presents itself as an unofficial Facebook Messenger client library, but its exported authentication helpers loginViaAPI, tokensViaAPI,...
Authen::TOTP 安全特征问题漏洞
Authen::TOTP is a two-factor authentication OTP generation and verification tool developed by tchatzi’s developer. Prior to version 0.1.1 of Authen::TOTP, there were security vulnerabilities related to the use of the Perl built-in rand function for generating secrets. This function is predictable...
Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover
Domain names are key assets for organisation. They anchor an organisation's online presence and reputation, and serve as linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damages. Organisations register domain names through...
GHSA-6626-79JH-5CCR Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...
Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...
CVE-2026-45010
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by...
CVE-2026-45010 phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by...