Lucene search
K

498 matches found

Vulnrichment
Vulnrichment
added 2025/12/11 4:4 a.m.4 views

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS6.6AI score0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/11 4:4 a.m.7 views

EUVD-2025-202648

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS6.5AI score0.00274EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 4:4 a.m.29 views

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS0.00274EPSS
Exploits0References3
CVE
CVE
added 2025/12/11 4:4 a.m.17 views

CVE-2025-11984

GitLab CE/EE had an authentication bypass vulnerability (CVE-2025-11984) where an authenticated user could bypass WebAuthn 2FA by manipulating session state under certain conditions. Affected versions: 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2. Remediation is via patched rele...

6.8CVSS6.6AI score0.00274EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/11 4:4 a.m.7 views

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS6.9AI score0.00274EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50577

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS7AI score0.00274EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.7 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

6.8CVSS6.2AI score0.00274EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.5 views

FreeBSD : Gitlab -- vulnerabilities (c6c9306e-d645-11f0-8ce2-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c6c9306e-d645-11f0-8ce2-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in...

8.7CVSS7.8AI score0.0076EPSS
Exploits0References12
FreeBSD
FreeBSD
added 2025/12/10 12:0 a.m.9 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in vulnerability reports impacts GitLab CE/EE Cross-site scripting issue in Swagger UI impacts GitLab CE/EE Denial of service issue in GraphQL endpoints impacts GitLab CE/EE Authentication bypass issue for...

8.7CVSS6.9AI score0.0076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/09 8:27 a.m.9 views

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

4.3CVSS6.6AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 6:15 p.m.4 views

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

4.3CVSS0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 6:0 p.m.22 views

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 6:0 p.m.6 views

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS6.2AI score0.00235EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 6:0 p.m.14 views

CVE-2025-66558

The issue affects Nextcloud Twofactor WebAuthn (WebAuthn Two-Factor Provider). Before versions 1.4.2 and 2.4.1, a missing ownership check allowed an attacker to remove a victim’s WebAuthn 2FA device by correctly guessing an 80–128 character random string. After a successful guess, the victim was ...

4.3CVSS6.2AI score0.00235EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/05 6:0 p.m.8 views

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

3.1CVSS6.5AI score0.00235EPSS
Exploits0References6
Nextcloud
Nextcloud
added 2025/12/05 7:50 a.m.8 views

WebAuthn app was updated based on public key

None...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.6 views

WebAuthn second factor provider for Nextcloud 安全漏洞

WebAuthn second factor provider for Nextcloud is an open source two-factor authentication software from Nextcloud. A security vulnerability exists in WebAuthn second factor provider for Nextcloud versions prior to 1.4.2 and prior to 2.4.1, which stems from a lack of ownership checking and could...

4.3CVSS6.6AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49302

Name of the Vulnerable Software and Affected Versions Nextcloud Twofactor WebAuthn versions prior to 1.4.2 Nextcloud Twofactor WebAuthn versions prior to 2.4.1 Description A missing ownership check allows an attacker to remove a user's WebAuthn two-factor authentication device by correctly guessi...

4.3CVSS6.7AI score0.00235EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/11/25 4:6 p.m.3 views

org.keycloak/keycloak-services: WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.7AI score0.00202EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.10 views

Fedora 43 : webkitgtk (2025-6f3e9e3af6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6f3e9e3af6 advisory. Prevent unsafe URI schemes from participating in media playback. Make jscvaluearraybuffergetdata function introspectable. Fix logging in to Google...

9.8CVSS7.3AI score0.03955EPSS
Exploits1References16
Rows per page
Query Builder