259 matches found
CVE-2026-55196
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMESWEBUIPASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...
EUVD-2025-210215
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-55196 Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMESWEBUIPASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...
CVE-2026-55196
Hermes WebUI prior to version 0.51.409 contains an authentication bypass in passkey registration. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register are accessible without authentication, allowing an att...
CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48640
CVE-2025-48640 is described across multiple connected sources as a remote elevation of privilege in Android components caused by a missing permission check during 3rd‑party passkey entry pairing approval. The impact is high (CVE notes adjacent/remote escalation with no user interaction) with a lo...
PT-2026-50223
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
CVE-2026-49955
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
EUVD-2026-35494
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
CVE-2026-49955
Hermes WebUI vulnerable before version 0.51.270 to resource exhaustion via the passkey/options endpoint. Unauthenticated remote attackers can degrade availability by repeatedly posting to the authentication endpoint, causing unbounded growth of the challenge store and high CPU/disk I/O due to rep...
CVE-2026-49955 Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
CVE-2026-49955 Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
PT-2026-47853
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
Hermes Web UI 安全漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.270 contained security vulnerabilities. These vulnerabilities were due to a resource exhaustion issue, which could allow unauthenticated remote attackers to reduce the...
USN-8355-1: SSSD vulnerability
It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service...
USN-8355-1 sssd vulnerability
It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service...
Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
...
SUSE CVE-2026-46056
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...