CVE-2026-55370: CWE-294: Authentication Bypass by Capture-replay in logto-io logto
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained…
Read the full articleYou might also wanna read

CVE-2026-56073: Authentication Bypass Vulnerability in Cap-go OTP Verification
Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verificatio

WAF - WAF Release - 2025-07-07
This week’s roundup uncovers critical vulnerabilities affecting enterprise VoIP systems, webmail platforms, and a popular JavaScript framewo
Analysis of CVE-2025-14986: Temporal's Masked Namespace Vulnerability Enabling Cross-Tenant Security Bypass
A deep dive into CVE-2025-14986, a masked namespace vulnerability in Temporal that enabled cross-tenant policy and schema confusion via bund
Technical Analysis of CVE-2025-10035: A CVSS 10.0 Vulnerability in Fortra GoAnywhere MFT
File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done. Fast forward to 2025, a
labs.watchtowr.com·9mo ago
WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link

Comments
Sign in to join the conversation.
No comments yet. Be the first.