Lucene search
K

231 matches found

EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43628

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday43 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS7.1AI score0.13117EPSS
Exploits6References1
OSV
OSV
added 4 days ago2 views

MAL-2026-10133 Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
Schneier on Security
Schneier on Security
added 2026/06/04 11:4 a.m.16 views

Hacking Meta’s AI Chatbot

Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Yerootech iDS6 DSSPro Digital Signage System 安全漏洞

The Yerootech iDS6 DSSPro Digital Signage System is a digital signage management system developed by Yerootech that supports the distribution of multimedia content and centralized control. Version 6.2 of the Yerootech iDS6 DSSPro Digital Signage System contains a security vulnerability. This...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-30959

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. This affects the...

5.3CVSS5.9AI score0.00371EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32865

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS5.9AI score0.00307EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 6:31 p.m.9 views

EUVD-2026-13122

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS5.9AI score0.00307EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 3:47 p.m.4 views

CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS5.9AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/19 3:47 p.m.21 views

CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.4 views

CVE-2026-30959

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. This affects the...

5.3CVSS0.00371EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/10 5:6 p.m.6 views

EUVD-2026-10703

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. This affects the...

5.3CVSS5.8AI score0.00371EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24191

Name of the Vulnerable Software and Affected Versions OneUptime affected versions not specified Description The 'resend-verification-code' endpoint in OneUptime allows an authenticated user to trigger a verification code resend for any UserWhatsApp record by its itemId. A critical flaw exists...

5.3CVSS5.9AI score0.00371EPSS
Exploits1References10
HackRead
HackRead
added 2026/03/09 11:6 p.m.8 views

Dutch Intel Warns of Russian Hackers Hijacking Signal, WhatsApp Attacks

Dutch intelligence warns Russian hackers are hijacking Signal and WhatsApp accounts using fake support bots and verification code scams targeting officials and journalists...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.7 views

CVE-2025-70231

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

9.8CVSS6AI score0.00664EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 7:16 p.m.11 views

CVE-2025-70231

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

9.8CVSS0.00664EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 12:0 a.m.16 views

CVE-2025-70231

Summary: CVE-2025-70231 affects D-Link DIR-513 v1.10, where processing POST requests to /goform/formLogin enters /goform/getAuthCode and fails to filter the FILECODE parameter, causing a path-traversal vulnerability with high impact. The CVSSv3.1 base score is 9.8 (CRITICAL), with network access,...

9.8CVSS6AI score0.00664EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/21 11:2 p.m.7 views

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3CVSS4.2AI score0.00392EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2026/02/07 11:15 a.m.9 views

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany's Federal Office for the Protection of the Constitution aka Bundesamt für Verfassungsschutz or BfV and Federal Office for Information Security BSI have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/06 2:43 p.m.7 views

Apple Pay phish uses fake support calls to steal payment details

It started with an email that looked boringly familiar: Apple logo, a clean layout, and a subject line designed to make the target’s stomach drop. The message claimed Apple has stopped a high‑value Apple Pay charge at an Apple Store, complete with a case ID, timestamp, and a warning that the...

5.6AI score
Exploits0
Rows per page
Query Builder