SophiaX

🔍

LIVE

· New victim: ************* — insomnia· New victim: sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· New victim: 2,775 new IOCs ingested in last 24h ************* — insomnia· New victim: sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· 2,775 new IOCs ingested in last 24h

← Vulnerabilities

CVE-2026-56450

Published: 2026-06-22Modified: 2026-06-22

—

CVSS v3

—

EPSS

AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable brute-force guessing of a valid code and bypass the intended second authentication factor, resulting in unauthorized account access. The patch introduces per-user failed-OTP tracking, blocks verification after 30 failed attempts for one hour, clears the counter after a successful OTP verification, and provides administrator recovery actions to purge affected lockouts.

💣 Public Exploits0

From Exploit-DB

No public exploits in Exploit-DB.

🔍 Sigma Detection Rules0

Rules tagged with this CVE

No Sigma rules tagged with this CVE.

📎 References1

↗ https://github.com/ail-project/ail-framework/commit/d3a394fe68fd5aeee86f3a3c91d4a0350f91e974

View on NVD ↗

Recent Victims14 today

*************

United States

insomnia

sansilvestre.edu.pe

PE

krybit

JMS Southeast

akira

Padget Technologies

akira

Delegal Poindexter & Underkofler, P.A.

morpheus

ISOPLUS

Greece

qilin

Quest Health Solutions

anubis

mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB

MY

stormous

jaggroup.com UPDATE-FULL DATA DUMP NEW LINK

stormous

maglificioliliana.com

stormous

lorenzoni-store.com

Italy

stormous

montechiaro-store.com

Italy

stormous

impulso-store.com

Mexico

stormous

Adapt******

shinyhunters

lpgroup

nova

alejandria

nova

transvill

nova

Jit Ex

akira

transvill.com.pe

PE

nova

Miami Machine

United States

akira

New KEV Entries4 this week

CVE-2025-67038LOW

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

CVE-2026-34908CRITICAL

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

CVE-2026-34910CRITICAL

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

CVE-2026-34909CRITICAL

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an unde

CVE-2026-20253CRITICAL

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulner

CVE-2026-48907LOW

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

CVE-2026-54420HIGH

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running Clou

CVE-2026-20262LOW

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an aff

CVE-2026-35273CRITICAL

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploita

CVE-2026-10520CRITICAL

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution