CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

PT-2026-21733

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Thunderbird versions prior to 148 Description A spoofing issue exists in the WebAuthn component in Firefox for Android. This issue affects Firefox and Thunderbird. Recommendations Update Firefox to version 148 or...

YSA-2026-02 | Yubico

A security update is available for the Yubico open-source software project webauthn-server-core to resolve a user impersonation vulnerability. No Yubico hardware is affected. In specific implementations, an attacker that has an existing account with a relying party RP can authenticate as a target...

GitLab 13.1 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-11984)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAut...

WordPress WP-WebAuthn plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wwaloginform Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP-WebAuthn versions = 1.3.3...

Linux Distros Unpatched Vulnerability : CVE-2025-11984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowe...

MiracleLinux 9 : firefox-91.10.0-1.el9.ML.1 (AXSA:2022-4016:31)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4016:31 advisory. Mozilla: Cross-Origin resource's length leaked CVE-2022-31736 Mozilla: Heap buffer overflow in WebGL CVE-2022-31737 Mozilla: Browser window spoof...

MiracleLinux 8 : firefox-91.10.0-1.el8.ML.1 (AXSA:2022-3739:18)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3739:18 advisory. Mozilla: Cross-Origin resource's length leaked CVE-2022-31736 Mozilla: Heap buffer overflow in WebGL CVE-2022-31737 Mozilla: Browser window spoof...

CVE-2023-49208

scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration...

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

BIT-GITLAB-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...

CVE-2025-11984

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

UBUNTU-CVE-2025-11984

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

CVE-2025-11984

GitLab CE/EE had an authentication bypass vulnerability (CVE-2025-11984) where an authenticated user could bypass WebAuthn 2FA by manipulating session state under certain conditions. Affected versions: 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2. Remediation is via patched rele...

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

EUVD-2025-202648

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...