Lucene search
K

129 matches found

OSV
OSV
added 2025/07/11 5:15 p.m.10 views

AZL-65082 CVE-2025-45582 affecting package tar 1.35-2

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1CVSS6.7AI score0.00433EPSS
Exploits1References1
OSV
OSV
added 2025/07/11 5:15 p.m.2 views

UBUNTU-CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1CVSS6.6AI score0.00433EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/06/22 12:0 a.m.12 views

ArgHiTZ at ArchEHR-QA 2025: a Two-Step Divide and Conquer Approach to Patient Question Answering for Top Factuality

This work presents three different approaches to address the ArchEHR-QA 2025 Shared Task on automated patient question answering. We introduce an end-to-end prompt-based baseline and two two-step methods to divide the task, without utilizing any external knowledge. Both two step approaches first...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.6 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

9.8CVSS6.8AI score0.00948EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/19 9:54 p.m.2 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the openpgp.verify or openpgp.decrypt functions. An attacker can manipulate the message content to...

8.7CVSS6.8AI score0.00642EPSS
Exploits0References2
Veracode
Veracode
added 2025/04/30 4:28 a.m.6 views

Improper Access Control

moodle/moodle is vulnerable to Improper Access Control. The vulnerability is due to missing authentication enforcement, which allows users to enroll in courses without completing two-step verification...

4.3CVSS6.8AI score0.00219EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/04/25 3:31 p.m.7 views

GHSA-QHC7-XHC2-7P7W Moodle self enrollment available before completing second factor with MFA enabled

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS7AI score0.00219EPSS
Exploits0References6
NVD
NVD
added 2025/04/25 2:15 p.m.10 views

CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS0.00219EPSS
Exploits0References2
OSV
OSV
added 2025/04/25 2:15 p.m.6 views

CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS7.2AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2025/04/25 2:15 p.m.2 views

UBUNTU-CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS5.7AI score0.00219EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/25 2:2 p.m.5 views

CVE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS7.3AI score0.00219EPSS
Exploits0References2
CVE
CVE
added 2025/04/25 2:2 p.m.86 views

CVE-2025-3634

Summary of CVE-2025-3634 (Moodle) : Moodle self-enrollment can occur before completing required MFA/second-factor checks, enabling students to enroll prematurely on sites with MFA enabled. The connected OSV/BIT-MOODLE entries corroborate that self-enrolment bypasses MFA, and the problem is descri...

4.3CVSS4.8AI score0.00219EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/22 11:5 p.m.21 views

CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS7AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

Moodle 授权问题漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. An authorization issue vulnerability exists in Moodle, which stems from the fact that a student can bypass security checks a...

4.3CVSS4.8AI score0.00219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.5 views

PT-2025-17906

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A security issue was discovered that allows students to enroll in courses without completing necessary safety checks, including two-step verification processes. This enables users to sign up f...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2025/02/05 3:36 a.m.8 views

CVE-2024-45394

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVPBytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

8.8CVSS6.6AI score0.00088EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.5 views

PT-2025-9966

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 through 6.12 Description A vulnerability in the Linux kernel has been identified, related to the handling of bpf timers. The issue arises when the hrtimer cancel function attempts to acquire a lock that is already...

4.7CVSS7AI score0.00154EPSS
Exploits0
OSV
OSV
added 2024/12/02 2:15 p.m.13 views

AZL-54243 CVE-2024-53121 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...

5.5CVSS6.8AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.9 views

Pterodactyl 安全漏洞

Pterodactyl is an open source game server administration panel built using PHP, Nodejs and Go. A security vulnerability exists in Pterodactyl versions prior to 1.11.8 that stems from passwords being recorded in plaintext in logs when a user disables two-step authentication; if a malicious user...

4.6CVSS6.4AI score0.0014EPSS
Exploits0References3
Filippo.io
Filippo.io
added 2024/09/25 8:42 p.m.7 views

The FIPS Compliance of HKDF

HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS Federal Information Processing Standards is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...

7.3AI score
Exploits0
Rows per page
Query Builder