498 matches found
PT-2025-19841
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified). Description: A vulnerability was found in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in, and when developers provi...
Quarkus security vulnerability
Quarkus is an open-source, cloud-native, Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from a default REST endpoint in the quarkus-security-webauthn module that is not disabled, which could lead to arbitrary user login...
State-of-the-art phishing: MFA bypass
Cybercriminals are bypassing multi-factor authentication (MFA) using adversary-in-the-middle (AiTM) attacks via reverse proxies, intercepting credentials and authentication cookies. The developers behind Phishing-as-a-Service (PhaaS) kits like Tycoon 2FA and Evilproxy have added features to make them...
CVE-2025-24180
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...
CVE-2025-24180
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...
CVE-2025-24180
CVE-2025-24180 affects Apple Safari (and related Apple OS components: visionOS 2.4, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4). The issue arises from insufficient input validation that could allow a malicious website to claim WebAuthn credentials from another site sharing a registrable suffix. Th...
PT-2025-13880 · Apple · Ipados +5
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.4; visionOS versions prior to 2.4; iOS versions prior to 18.4; iPadOS versions prior to 18.4; macOS Sequoia versions prior to 15.4. Description: The issue was addressed with improved input validation. A malicious websit...
Malicious code in webauthn-codelab (npm)
Source: ghsa-malware 1db4dcddcb204fd78a848e02724ef26a5bac5da98f78246a3a90084b790868b6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2141 Malicious code in webauthn-codelab (npm)
Source: ghsa-malware 1db4dcddcb204fd78a848e02724ef26a5bac5da98f78246a3a90084b790868b6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-12225
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel through the default REST endpoints. An attacker can bypass authentication controls and potentially log in as an existing user without proper credentials by exploiting these...
io.quarkus:quarkus-security-webauthn-deployment (>=3.0.0.Alpha1 <=3.18.0), io.quarkus:quarkus-test-security-webauthn (>=3.0.0.Alpha1 <=3.18.0) potentially affected by CVE-2024-12225 via io.quarkus:quarkus-security-webauthn (>=3.0.0.Alpha1 <=3.18.0)
io.quarkus:quarkus-security-webauthn MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.0.0.Alpha1, =3.18.0 Source cves: CVE-2024-12225 Source advisory: SNYK:JAVA-IOQUARKUS-9376953...
gitea -- multiple vulnerabilities
Problem Description: Fix basic auth with webauthn; refactor internal routers (partial backport, auth token const time comparing)...
CentOS 7 : thunderbird (RHSA-2024:2913)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2913 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...
CVE-2024-47650
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Axton WP-WebAuthn (wp-webauthn) allows Stored XSS. This issue affects WP-WebAuthn: from n/a through <= 1.3.1...
CVE-2024-47650 WordPress WP-WebAuthn plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1...
CVE-2024-47650
CVE-2024-47650 : A stored XSS vulnerability exists in the WordPress WP-WebAuthn plugin up to version 1.3.1 due to improper input neutralization during web page generation. The issue affects WP-WebAuthn