
9 matches found

OSV
added 2026/05/07 9:5 p.m. · 0 views

GHSA-H4FW-6R7F-W494 Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary: In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

CVSS 2.1 · AI score 5.9
Exploits 0 · References 2
EUVD
added 2026/03/21 6:30 a.m. · 1 views

EUVD-2025-208914

The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwaauth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...

CVSS 6.1 · AI score 6 · EPSS 0.00118
Exploits 0 · References 5
CNNVD
added 2026/02/24 12:0 a.m. · 3 views

Mozilla Firefox and Mozilla Thunderbird Security Vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

CVSS 9.8 · AI score 5.8 · EPSS 0.00062
Exploits 0 · References 3
CVE
added 2025/10/17 10:15 p.m. · 5 views

CVE-2025-62652

CVE-2025-62652 is a stored XSS in the Wikimedia Foundation MediaWiki WebAuthn extension (versions 1.39, 1.43, 1.44). The underlying issue is improper neutralization of input during web page generation, enabling stored Cross-Site Scripting. Affected component: WebAuthn extension for MediaWiki; imp...

CVSS 5.8 · AI score 5.7 · EPSS 0.00056
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-19088

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 8.9 · EPSS 0.0019
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 9:0 a.m. · 2 views

CVE-2024-47650

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Axton WP-WebAuthn wp-webauthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through = 1.3.1...

CVSS 6.5 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 1
CVE
added 2025/05/06 7:49 p.m. · 79 views

CVE-2024-12225

CVE-2024-12225 affects Quarkus, specifically the quarkus-security-webauthn module. The vulnerability arises because default REST endpoints for user registration/login remain accessible when developers add custom endpoints, potentially allowing an attacker to obtain a login cookie with no correspo...

CVSS 9.1 · AI score 9.1 · EPSS 0.00515
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/05/06 7:49 p.m. · 20 views

CVE-2024-12225 io.quarkus:quarkus-security-webauthn: Quarkus WebAuthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...

CVSS 9.1 · EPSS 0.00515
Exploits 0 · References 2
Positive Technologies
added 2024/09/29 12:0 a.m. · 1 views

PT-2024-6991 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.58; Microsoft Edge (affected versions not specified). Description: The issue is related to a use-after-free vulnerability in the WebAuthentication WebAuthn implementation, allowing a remote attacker to...

CVSS 10 · AI score 9.4 · EPSS 0.33501
Exploits 4 · References 111