498 matches found

Positive Technologies
added 2025/05/06 12:0 a.m. · 9 views

PT-2025-19841

Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified). Description: A vulnerability was found in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in, and when developers provi...

9.1 CVSS · 7.2 AI score · 0.00334 EPSS
Exploits 0 · References 9
CNNVD
added 2025/05/06 12:0 a.m. · 4 views

Quarkus security vulnerability

Quarkus is an open-source, cloud-native, Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from a default REST endpoint in the quarkus-security-webauthn module that is not disabled, which could lead to arbitrary user login...

9.1 CVSS · 8.8 AI score · 0.00334 EPSS
Exploits 0 · References 2
Talos Blog
added 2025/05/01 10:0 a.m. · 13 views

State-of-the-art phishing: MFA bypass

Cybercriminals are bypassing multi-factor authentication (MFA) using adversary-in-the-middle (AiTM) attacks via reverse proxies, intercepting credentials and authentication cookies. The developers behind Phishing-as-a-Service (PhaaS) kits like Tycoon 2FA and Evilproxy have added features to make them...

7.3 AI score
Exploits 0
RedhatCVE
added 2025/04/02 11:10 p.m. · 10 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...

8.1 CVSS · 5.8 AI score · 0.00961 EPSS
Exploits 0 · References 1
NVD
added 2025/03/31 11:15 p.m. · 13 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...

8.1 CVSS · 0.00961 EPSS
Exploits 0 · References 10
OSV
added 2025/03/31 11:15 p.m. · 4 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...

8.1 CVSS · 5.7 AI score · 0.00961 EPSS
Exploits 0 · References 9
Cvelist
added 2025/03/31 10:23 p.m. · 15 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...

0.00961 EPSS
Exploits 0 · References 5
CVE
added 2025/03/31 10:23 p.m. · 84 views

CVE-2025-24180

CVE-2025-24180 affects Apple Safari (and related Apple OS components: visionOS 2.4, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4). The issue arises from insufficient input validation that could allow a malicious website to claim WebAuthn credentials from another site sharing a registrable suffix. Th...

8.1 CVSS · 5.8 AI score · 0.00961 EPSS
Exploits 0 · References 10 · Affected Software 5
Vulnrichment
added 2025/03/31 10:23 p.m. · 15 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...

5.8 AI score · 0.00961 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/03/31 12:0 a.m. · 6 views

PT-2025-13880 · Apple · Ipados +5

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.4; visionOS versions prior to 2.4; iOS versions prior to 18.4; iPadOS versions prior to 18.4; macOS Sequoia versions prior to 15.4. Description: The issue was addressed with improved input validation. A malicious websit...

8.1 CVSS · 5.4 AI score · 0.00961 EPSS
Exploits 0 · References 13
OSSF Malicious Packages
added 2025/03/04 8:51 a.m. · 2 views

Malicious code in webauthn-codelab (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1db4dcddcb204fd78a848e02724ef26a5bac5da98f78246a3a90084b790868b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2025/03/04 8:51 a.m. · 2 views

MAL-2025-2141 Malicious code in webauthn-codelab (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1db4dcddcb204fd78a848e02724ef26a5bac5da98f78246a3a90084b790868b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/02/28 5:22 a.m. · 10 views

CVE-2024-12225

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...

9.1 CVSS · 6.5 AI score · 0.00334 EPSS
Exploits 0 · References 3
Snyk
added 2025/02/28 12:0 a.m. · 2 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel through the default REST endpoints. An attacker can bypass authentication controls and potentially log in as an existing user without proper credentials by exploiting these...

9.3 CVSS · 7.2 AI score · 0.00334 EPSS
Exploits 0 · References 2
vulnersOsv
added 2025/02/28 12:0 a.m. · 5 views

io.quarkus:quarkus-security-webauthn-deployment (>=3.0.0.Alpha1 <=3.18.0), io.quarkus:quarkus-test-security-webauthn (>=3.0.0.Alpha1 <=3.18.0) potentially affected by CVE-2024-12225 via io.quarkus:quarkus-security-webauthn (>=3.0.0.Alpha1 <=3.18.0)

io.quarkus:quarkus-security-webauthn MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.0.0.Alpha1, =3.18.0 Source cves: CVE-2024-12225 Source advisory: SNYK:JAVA-IOQUARKUS-9376953...

9.1 CVSS · 7.2 AI score · 0.00334 EPSS
Exploits 0
FreeBSD
added 2024/11/16 12:0 a.m. · 7 views

gitea -- multiple vulnerabilities

Problem Description: Fix basic auth with webauthn; Refactor internal routers (partial backport, auth token const time comparing)...

7.3 AI score
Exploits 0 · References 2
Tenable Nessus
added 2024/10/09 12:0 a.m. · 38 views

CentOS 7 : thunderbird (RHSA-2024:2913)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2913 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...

8.8 CVSS · 8.2 AI score · 0.72648 EPSS
Exploits 18 · References 7
NVD
added 2024/10/06 1:15 p.m. · 14 views

CVE-2024-47650

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Axton WP-WebAuthn wp-webauthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through <= 1.3.1...

6.5 CVSS · 0.00237 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/10/06 12:53 p.m. · 10 views

CVE-2024-47650 WordPress WP-WebAuthn plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1...

6.5 CVSS · 6.8 AI score · 0.00237 EPSS
Exploits 0 · References 1
CVE
added 2024/10/06 12:53 p.m. · 42 views

CVE-2024-47650

CVE-2024-47650: A stored XSS vulnerability exists in the WordPress WP-WebAuthn plugin up to version 1.3.1 due to improper input neutralization during web page generation. The issue affects WP-WebAuthn

6.5 CVSS · 5.9 AI score · 0.00237 EPSS
Exploits 0 · References 1