By weakness (CWE)

CWE-308: related vulnerabilities

CVEs classified under CWE-308. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-45749HIGH 8.1

    Termix, a web-based server management platform, has a critical flaw in how it protects two-factor authentication (2FA) settings. Before version 2.3.2, an attacker who knows a user's password can disable TOTP (a common 2FA method) or reset backup codes without needing the user's phone or any 2FA code. This means that if your password leaks—whether through phishing, credential stuffing, or a separate data breach—an attacker can lock you out of your 2FA protection and gain full access to your account. The vulnerability has been patched in version 2.3.2.