
493 matches found

Tenable Nessus
added 2025/08/09 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-6433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would ...

9.8 CVSS · 7.3 AI score · 0.00244 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-31742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles a...

6.5 CVSS · 7.6 AI score · 0.00594 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/07 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-4768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects...

6.1 CVSS · 7.5 AI score · 0.00539 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/07/31 8:3 p.m. · 2 views

CVE-2025-53102

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...

9.8 CVSS · 6.9 AI score · 0.00436 EPSS
Exploits 0 · References 1

OSV
added 2025/07/31 8:44 a.m. · 3 views

BIT-DISCOURSE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...

9.8 CVSS · 5.8 AI score · 0.00436 EPSS
Exploits 0 · References 4

NVD
added 2025/07/29 8:15 p.m. · 7 views

CVE-2025-53102

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...

9.8 CVSS · 0.00436 EPSS
Exploits 0 · References 3

CVE
added 2025/07/29 7:24 p.m. · 22 views

CVE-2025-53102

CVE-2025-53102 affects Discourse: prior to 3.4.7 (stable) and 3.5.0.beta.8 (tests-passed), issuing a physical security key for 2FA generates a WebAuthn challenge that is not cleared from the user session after authentication, potentially allowing reuse and increasing security risk. Affected versi...

9.8 CVSS · 6.8 AI score · 0.00436 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2025/07/29 7:24 p.m. · 7 views

CVE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...

8.2 CVSS · 0.00436 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/07/29 7:24 p.m. · 3 views

CVE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...

8.2 CVSS · 6.2 AI score · 0.00436 EPSS
Exploits 0 · References 3

CNNVD
added 2025/07/29 12:0 a.m. · 3 views

Discourse Authorization Issue Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. An authorization issue vulnerability exists in Discourse versions prior to 3.4.7 and prior to 3.5.0.beta.8, which stems from an uncleare...

9.8 CVSS · 6.4 AI score · 0.00436 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/07/29 12:0 a.m. · 6 views

PT-2025-31259 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.7 on the stable branch; Discourse versions prior to 3.5.0.beta.8 on the tests-passed branch. Description: Discourse is an open-source community discussion platform. Upon issuing a physical security key for...

8.2 CVSS · 6.8 AI score · 0.00436 EPSS
Exploits 0 · References 9

OSV
added 2025/07/21 2:20 p.m. · 2 views

GHSA-56R6-CCM5-8HG3 Alchemy Non-SMA and Webauthn Account Security Advisory

Impact: A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted. Patches: Please direct creation of new wallets to either createSemiModularAccount on AccountFactory.sol or...

9.3 CVSS · 7.2 AI score
Exploits 0 · References 4

Filippo.io
added 2025/07/14 3:17 p.m. · 7 views

Encrypting Files with Passkeys and age

Typage (age-encryption on npm) is a TypeScript implementation of the age file encryption format. It runs with Node.js, Deno, Bun, and browsers, and implements native age recipients, passphrase encryption, ASCII armoring, and supports custom recipient interfaces, like the Go implementation. However...

6.8 AI score
Exploits 0

Tenable Nessus
added 2025/07/02 12:0 a.m. · 4 views

Mozilla Thunderbird < 140.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory. - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of...

9.8 CVSS · 7.1 AI score · 0.03057 EPSS
Exploits 0 · References 12

SUSE CVE
added 2025/06/24 11:24 p.m. · 4 views

SUSE CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

5.4 CVSS · 7.2 AI score · 0.00244 EPSS
Exploits 0 · References 6

NVD
added 2025/06/24 1:15 p.m. · 5 views

CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

9.8 CVSS · 0.00244 EPSS
Exploits 0 · References 3

OSV
added 2025/06/24 1:15 p.m. · 1 views

UBUNTU-CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

9.8 CVSS · 6.4 AI score · 0.00244 EPSS
Exploits 0 · References 6

Cvelist
added 2025/06/24 12:28 p.m. · 9 views

CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

0.00244 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/06/24 12:28 p.m. · 2 views

CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

7.2 AI score · 0.00244 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2025/06/24 12:28 p.m. · 1 views

CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

9.8 CVSS · 5.8 AI score · 0.00244 EPSS
Exploits 0 · References 4