493 matches found

OSV
added 2026/02/27 7:54 p.m. | 7 views

CVE-2026-27836 phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

7.5 CVSS | 5.9 AI score | 0.0041 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/02/27 9:30 a.m. | 5 views

EUVD-2025-208135

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 5.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 8

OSV
added 2026/02/27 9:30 a.m. | 5 views

GHSA-7G5X-9C4V-4W5R Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 5.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 11

NVD
added 2026/02/27 9:16 a.m. | 8 views

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 0.00202 EPSS
Exploits: 0 | References: 7

OSV
added 2026/02/27 9:16 a.m. | 5 views

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 5.7 AI score | 0.00202 EPSS
Exploits: 0 | References: 7

Cvelist
added 2026/02/27 8:10 a.m. | 21 views

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 0.00202 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2026/02/27 8:10 a.m. | 2 views

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 5.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 7

CVE
added 2026/02/27 8:10 a.m. | 39 views

CVE-2025-12150

Keycloak WebAuthn registration component is affected by CVE-2025-12150. An attacker can bypass the realm’s attestation policy by submitting an attestation object with fmt: "none", enabling registration of untrusted/forged authenticators and weakening authentication integrity. The issue arises de...

3.1 CVSS | 5.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 7 | Affected Software: 2

ATTACKERKB
added 2026/02/27 8:10 a.m. | 3 views

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1 CVSS | 5.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 8

CNNVD
added 2026/02/27 12:0 a.m. | 6 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.0.18 contained security vulnerabilities. These vulnerabilities stemmed from the WebAuthn prepare endpoint, which lacked authentication and CSRF protection, allowing unverified...

7.5 CVSS | 5.8 AI score | 0.0041 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2026/02/27 12:0 a.m. | 7 views

PT-2026-22389

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.0.18 Description The WebAuthn prepare endpoint, /api/webauthn/prepare, in versions prior to 4.0.18 lacks authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to...

7.5 CVSS | 5.9 AI score | 0.0041 EPSS
Exploits: 1 | References: 10

SUSE CVE
added 2026/02/25 12:26 a.m. | 3 views

SUSE CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

5.4 CVSS | 5.7 AI score | 0.00307 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/24 2:16 p.m. | 2 views

CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 148 and Thunderbird 148...

9.8 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2026/02/24 2:16 p.m. | 4 views

CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

9.8 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 0 | References: 5

OSV
added 2026/02/24 2:16 p.m. | 2 views

UBUNTU-CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 148 and Thunderbird 148...

9.8 CVSS | 5.2 AI score | 0.00307 EPSS
Exploits: 0 | References: 6

EUVD
added 2026/02/24 1:33 p.m. | 5 views

EUVD-2026-8453

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 148...

5.3 AI score | 0.00307 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/24 1:33 p.m. | 4 views

CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 148 and Thunderbird 148...

9.8 CVSS | 5.3 AI score | 0.00307 EPSS
Exploits: 0 | References: 4

CVE
added 2026/02/24 1:33 p.m. | 18 views

CVE-2026-2800

CVE-2026-2800 affects Firefox for Android, specifically a spoofing vulnerability in the WebAuthn component. The issue is described as a spoofing flaw in WebAuthn that affects Firefox for Android and has been fixed in Firefox 148 (and Thunderbird 148). The available connected sources corroborate t...

9.8 CVSS | 5.7 AI score | 0.00307 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

Vulnrichment
added 2026/02/24 1:33 p.m. | 0 views

CVE-2026-2800 Spoofing issue in the WebAuthn component in Firefox for Android

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

5.7 AI score | 0.00307 EPSS
Exploits: 0 | References: 3

AlpineLinux
added 2026/02/24 1:33 p.m. | 3 views

CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

9.8 CVSS | 5.7 AI score | 0.00307 EPSS
Exploits: 0 | References: 3