
473 matches found

Vulnrichment
added 2026/06/04 11:3 p.m. | 7 views

CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score: 5.8 | EPSS: 0.00326
Exploits: 0 | References: 2

CVE
added 2026/06/04 11:3 p.m. | 16 views

CVE-2026-10906

CVE-2026-10906: Use-after-free in WebAuthentication of Google Chrome before 149.0.7827.53 allows a remote attacker, if the user engages in specific UI gestures, to potentially cause heap corruption via a crafted HTML page. Affected component: WebAuthentication in Chrome/Chromium stack. Root cause...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00326
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2026/06/04 11:3 p.m. | 8 views

CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00326
Exploits: 0

Positive Technologies
added 2026/06/04 12:0 a.m. | 8 views

PT-2026-46790

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.53
Description: Insufficient policy enforcement in WebAuthentication allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00493
Exploits: 0 | References: 437

Positive Technologies
added 2026/06/04 12:0 a.m. | 7 views

PT-2026-46771

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 3

RedHat Linux
added 2026/05/20 11:23 a.m. | 10 views

keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 4

Github Security Blog
added 2026/05/19 12:31 p.m. | 9 views

Keycloak: Unauthorized account takeover via WebAuthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2026/05/19 12:16 p.m. | 12 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | EPSS: 0.0044
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/19 10:52 a.m. | 8 views

CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 4

CVE
added 2026/05/19 10:52 a.m. | 42 views

CVE-2026-37982

Keycloak contains an authentication vulnerability (CVE-2026-37982) where an attacker can replay ExecuteActionsActionToken tokens in the WebAuthn flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim’s account, enabling unauthorized enrol...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/05/19 10:52 a.m. | 15 views

EUVD-2026-30886

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/19 10:52 a.m. | 7 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 5

RedhatCVE
added 2026/05/19 10:52 a.m. | 10 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 3

OSV
added 2026/05/19 9:31 a.m. | 6 views

GHSA-G8VR-X4QH-25QG Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00392
Exploits: 0 | References: 12

NVD
added 2026/05/19 7:16 a.m. | 16 views

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS: 4.3 | EPSS: 0.00392
Exploits: 0 | References: 6

Vulnrichment
added 2026/05/19 6:4 a.m. | 12 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00392
Exploits: 0 | References: 6

Cvelist
added 2026/05/19 6:4 a.m. | 50 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS: 4.3 | EPSS: 0.00392
Exploits: 0 | References: 6

Snyk
added 2026/05/19 5:0 a.m. | 10 views

Client-Side Enforcement of Server-Side Security

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security through the processAction registration flow in the WebAuthn...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00392
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/19 12:0 a.m. | 15 views

PT-2026-41872

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: A flaw in the WebAuthn Web Authentication flow allows a remote attacker to replay ExecuteActionsActionToken tokens. By intercepting an execute-actions email link, an attacker can register...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/19 12:0 a.m. | 12 views

PT-2026-41833

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. The issue exists because the server-side processAction...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00392
Exploits: 0 | References: 18