
    10 vulnerabilities

    CVE-2025-41259 (GCVE-0-2025-41259)

    Vulnerability from cvelistv5 – Published: 2026-06-03 11:01 – Updated: 2026-06-03 12:37
    VLAI
    Title
    SWUpdate Untrusted Script Execution via Signed Update TOCTOU
    Summary
    SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check time-of-use (TOCTOU) race condition
    Assigner
    Impacted products
    Vendor Product Version
    sbabic SWUpdate Affected: 0 , < 2026.05 (custom)
    Credits
    Reinhard Kugler (SBA Research)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41259",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:36:39.603308Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:37:01.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251206-01_SWUpdate_Untrusted_Script_Execution_via_Signed_Update_TOCTOU"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SWUpdate",
              "repo": "https://github.com/sbabic/swupdate",
              "vendor": "sbabic",
              "versions": [
                {
                  "lessThan": "2026.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reinhard Kugler (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update."
                }
              ],
              "value": "SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T11:01:59.871Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251206-01_SWUpdate_Untrusted_Script_Execution_via_Signed_Update_TOCTOU"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/sbabic/swupdate/commit/f4bd64260e233e207354d68d572b1cbc3e63689d"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/sbabic/swupdate"
            }
          ],
          "source": {
            "advisory": "SBA-ADV-20251206-01",
            "discovery": "UNKNOWN"
          },
          "title": "SWUpdate Untrusted Script Execution via Signed Update TOCTOU",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2025-41259",
        "datePublished": "2026-06-03T11:01:59.871Z",
        "dateReserved": "2025-04-16T09:37:50.631Z",
        "dateUpdated": "2026-06-03T12:37:01.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41258 (GCVE-0-2025-41258)

    Vulnerability from cvelistv5 – Published: 2026-03-18 11:08 – Updated: 2026-03-18 14:19
    VLAI
    Title
    LibreChat RAG API Authentication Bypass
    Summary
    LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and the RAG API, which compromises the service-level authentication of the RAG API.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    danny-avila LibreChat Affected: 0.8.1-rc2
    Credits
    Lisa Gnedt (SBA Research) Michael Koppmann (SBA Research)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T14:19:38.492927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:19:49.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "LibreChat",
              "repo": "https://github.com/danny-avila/LibreChat",
              "vendor": "danny-avila",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.1-rc2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lisa Gnedt (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Koppmann (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eLibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.\u003c/div\u003e"
                }
              ],
              "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T11:08:19.866Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/danny-avila/LibreChat"
            }
          ],
          "source": {
            "advisory": "SBA-ADV-20251205-01",
            "discovery": "UNKNOWN"
          },
          "title": "LibreChat RAG API Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2025-41258",
        "datePublished": "2026-03-18T11:08:19.866Z",
        "dateReserved": "2025-04-16T09:37:50.631Z",
        "dateUpdated": "2026-03-18T14:19:49.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41257 (GCVE-0-2025-41257)

    Vulnerability from cvelistv5 – Published: 2026-03-04 22:43 – Updated: 2026-03-09 20:59
    VLAI
    Title
    Suprema BioStar 2 Insecure Password Change
    Summary
    Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw in combination with other vulnerabilities can lead to unauthorized account access and potential system compromise.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Suprema BioStar 2 Affected: 2.9.11.6
    Credits
    Jakob Hagl (SBA Research) Marija Radosavljević (SBA Research) Fabian Funder (SBA Research)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41257",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:59:23.621480Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:59:30.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Change"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "BioStar 2",
              "vendor": "Suprema",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.9.11.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakob Hagl (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marija Radosavljevi\u0107 (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Fabian Funder (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eSuprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Suprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T22:43:53.077Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Change"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Suprema BioStar 2 Insecure Password Change",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2025-41257",
        "datePublished": "2026-03-04T22:43:53.077Z",
        "dateReserved": "2025-04-16T09:37:50.631Z",
        "dateUpdated": "2026-03-09T20:59:30.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41255 (GCVE-0-2025-41255)

    Vulnerability from cvelistv5 – Published: 2025-06-25 09:21 – Updated: 2025-06-25 13:33
    VLAI
    Title
    Cyberduck and Mountain Duck - Improper Certificate Store Handling
    Summary
    Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing them in the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    iterate GmbH Cyberduck Affected: 0 , ≤ 9.1.6 (semver)
    iterate GmbH Mountain Duck Affected: 0 , ≤ 4.17.5 (semver)
    Credits
    Thomas Kostal Andreas Boll

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41255",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-25T13:33:24.899723Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-25T13:33:27.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cyberduck",
              "repo": "https://github.com/iterate-ch/cyberduck",
              "vendor": "iterate GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "9.1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Mountain Duck",
              "vendor": "iterate GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "4.17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thomas Kostal"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Boll"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctt\u003e\u003c/tt\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eCyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u0026nbsp;4.17.5.\u003c/p\u003e"
                }
              ],
              "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-25T09:28:38.711Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cyberduck and Mountain Duck - Improper Certificate Store Handling",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2025-41255",
        "datePublished": "2025-06-25T09:21:37.479Z",
        "dateReserved": "2025-04-16T09:37:50.630Z",
        "dateUpdated": "2025-06-25T13:33:27.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41256 (GCVE-0-2025-41256)

    Vulnerability from cvelistv5 – Published: 2025-06-25 09:16 – Updated: 2025-06-25 13:34
    VLAI
    Title
    Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
    Summary
    Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    iterate GmbH Cyberduck Affected: 0 , ≤ 9.1.6 (semver)
    iterate GmbH Mountain Duck Affected: 0 , ≤ 4.17.5 (semver)
    Credits
    Thomas Kostal Andreas Boll

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41256",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-25T13:34:04.627890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-25T13:34:07.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-02_Cyberduck_Mountain_Duck_Weak_Hash"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-688c-vjrc-84rv"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cyberduck",
              "repo": "https://github.com/iterate-ch/cyberduck",
              "vendor": "iterate GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "9.1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Mountain Duck",
              "vendor": "iterate GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "4.17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thomas Kostal"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Boll"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eCyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eThis issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.\u003c/p\u003e"
                }
              ],
              "value": "Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.\n\n\n\n\n\n\n\nThis issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-328",
                  "description": "CWE-328: Use of Weak Hash",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-25T09:16:58.586Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-02_Cyberduck_Mountain_Duck_Weak_Hash"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-688c-vjrc-84rv"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2025-41256",
        "datePublished": "2025-06-25T09:16:58.586Z",
        "dateReserved": "2025-04-16T09:37:50.631Z",
        "dateUpdated": "2025-06-25T13:34:07.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13919 (GCVE-0-2024-13919)

    Vulnerability from cvelistv5 – Published: 2025-03-10 10:03 – Updated: 2025-03-10 17:02
    VLAI
    Title
    Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
    Summary
    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Laravel Holdings Inc. Laravel Framework Affected: 11.9.0 , ≤ 11.35.1 (custom)
    Credits
    Fabian Funder (SBA Research), Philipp Adelsberger (SBA Research), Jeremy Angele

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13919",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T12:38:06.695003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T12:41:35.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:02:42.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/03/10/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Laravel Framework",
              "repo": "https://github.com/laravel/framework",
              "vendor": "Laravel Holdings Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "11.35.1",
                  "status": "affected",
                  "version": "11.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
                }
              ],
              "value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fabian Funder (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Philipp Adelsberger (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Jeremy Angele"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
                }
              ],
              "value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-10T10:03:01.374Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/laravel/framework/pull/53869"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 11.36.0 or later."
                }
              ],
              "value": "Update to version 11.36.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
                }
              ],
              "value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2024-13919",
        "datePublished": "2025-03-10T10:03:01.374Z",
        "dateReserved": "2025-03-04T18:11:39.565Z",
        "dateUpdated": "2025-03-10T17:02:42.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13918 (GCVE-0-2024-13918)

    Vulnerability from cvelistv5 – Published: 2025-03-10 10:02 – Updated: 2025-03-10 17:02
    VLAI
    Title
    Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
    Summary
    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Laravel Holdings Inc. Laravel Framework Affected: 11.9.0 , ≤ 11.35.1 (custom)
    Credits
    Fabian Funder (SBA Research), Philipp Adelsberger (SBA Research), Jeremy Angele

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13918",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T12:55:25.311761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T12:55:46.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:02:40.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/03/10/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Laravel Framework",
              "repo": "https://github.com/laravel/framework",
              "vendor": "Laravel Holdings Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "11.35.1",
                  "status": "affected",
                  "version": "11.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
                }
              ],
              "value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fabian Funder (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Philipp Adelsberger (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Jeremy Angele"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
                }
              ],
              "value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-10T10:02:29.530Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/laravel/framework/pull/53869"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 11.36.0 or later."
                }
              ],
              "value": "Update to version 11.36.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
                }
              ],
              "value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2024-13918",
        "datePublished": "2025-03-10T10:02:29.530Z",
        "dateReserved": "2025-03-04T18:11:33.625Z",
        "dateUpdated": "2025-03-10T17:02:40.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5676 (GCVE-0-2024-5676)

    Vulnerability from cvelistv5 – Published: 2024-06-19 09:47 – Updated: 2025-02-13 17:54
    VLAI
    Title
    Paradox IP150 Internet Module Cross-Site Request Forgery
    Summary
    The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    Jakob Pachmann (SBA Research), Fabian Funder (SBA Research)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5676",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-25T17:15:35.821602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-25T17:16:23.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery"
              },
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://www.paradox.com/Products/default.asp?CATID=3\u0026SUBCATID=38\u0026PRD=563"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jun/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "IP150 Internet Module",
              "vendor": "Paradox Security Systems (Bahamas) Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.40.00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakob Pachmann (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Fabian Funder (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-24T04:06:00.778Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.paradox.com/Products/default.asp?CATID=3\u0026SUBCATID=38\u0026PRD=563"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jun/8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Paradox IP150 Internet Module Cross-Site Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2024-5676",
        "datePublished": "2024-06-19T09:47:38.961Z",
        "dateReserved": "2024-06-06T10:51:57.573Z",
        "dateUpdated": "2025-02-13T17:54:26.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5658 (GCVE-0-2024-5658)

    Vulnerability from cvelistv5 – Published: 2024-06-06 10:32 – Updated: 2025-09-03 07:08
    VLAI
    Title
    CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
    Summary
    The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Born05 CraftCMS Plugin - Two-Factor Authentication Affected: 0 , ≤ 3.3.3 (custom)
    born05 craft_cms Affected: 0 , ≤ 3.3.3 (custom)
        cpe:2.3:a:born05:craft_cms:*:*:*:*:*:*:*:*
    Credits
    Fabian Funder (SBA Research), Jakob Pachmann (SBA Research)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:born05:craft_cms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "craft_cms",
                "vendor": "born05",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T13:23:29.089917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:24:57.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use"
              },
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/06/06/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CraftCMS Plugin - Two-Factor Authentication",
              "repo": "https://github.com/born05/craft-twofactorauthentication",
              "vendor": "Born05",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fabian Funder (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakob Pachmann (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T07:08:56.470Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/06/06/2"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 3.3.4 or later."
                }
              ],
              "value": "Update to version 3.3.4 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2024-5658",
        "datePublished": "2024-06-06T10:32:07.239Z",
        "dateReserved": "2024-06-05T16:36:00.494Z",
        "dateUpdated": "2025-09-03T07:08:56.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5657 (GCVE-0-2024-5657)

    Vulnerability from cvelistv5 – Published: 2024-06-06 10:29 – Updated: 2025-09-03 07:13
    Title
    CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
    Summary
    The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-499 - Serializable Class Containing Sensitive Data
    Assigner
    Impacted products
    Vendor Product Version
    Born05 CraftCMS Plugin - Two-Factor Authentication Affected: 3.3.1 , ≤ 3.3.3 (custom)
    Credits
    Fabian Funder (SBA Research) Jakob Pachmann (SBA Research)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T15:45:33.517016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:45:58.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.699Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure"
              },
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/06/06/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CraftCMS Plugin - Two-Factor Authentication",
              "repo": "https://github.com/born05/craft-twofactorauthentication",
              "vendor": "Born05",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.3",
                  "status": "affected",
                  "version": "3.3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fabian Funder (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakob Pachmann (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-499",
                  "description": "CWE-499 Serializable Class Containing Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T07:13:32.028Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/06/06/1"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 3.3.4 or later."
                }
              ],
              "value": "Update to version 3.3.4 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2024-5657",
        "datePublished": "2024-06-06T10:29:40.393Z",
        "dateReserved": "2024-06-05T16:36:00.302Z",
        "dateUpdated": "2025-09-03T07:13:32.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }