192 matches found
EUVD-2020-7130
Malware in sbrugna...
EUVD-2020-7131
Malware in sbrugna...
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2025-9570
Malicious code in bioql PyPI...
EUVD-2024-41550
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-10185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside...
Linux Distros Unpatched Vulnerability : CVE-2021-31924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issu...
FIDO2 Authentication Does Not Work With Webpages Opened Using Microsoft Edge
Users are not able to Authenticate to a website that requires FIDO2 Authentication using a Yubikey when using Edge on VDA Devices. The users are constantly prompted to select a Smartcard device. The same users are able to Authenticate onto the same website using Chrome or Firefox inside the same...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-31498
Yubico ykman-gui aka YubiKey Manager GUI before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator...
CVE-2022-24584
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico...
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root...
CVE-2025-29991
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...
Yubico YubiKey Security Vulnerability
Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey versions 5.4.1 through 5.7.3, which stems from an incorrect implementation of the FIDO CTAP PIN/UV Auth Protocol Two, which could lead to partial signature...
CVE-2025-29991
CVE-2025-29991 affects Yubico YubiKey 5.4.1–5.7.3; the FIDO CTAP PIN/UV Auth Protocol Two implementation incorrectly uses the 16-byte signature length from Protocol One, causing partial signature verification when Protocol Two is chosen. Remediation: update to version 5.7.4 or later. Other disclo...
PT-2025-14572 · Yubico · Yubikey
Name of the Vulnerable Software and Affected Versions: Yubico YubiKey versions 5.4.1 through 5.7.3 Description: The issue is related to an incorrect implementation of the FIDO CTAP PIN/UV 2 authentication protocol. Specifically, it uses the signature length from the CTAP PIN/UV 1 protocol, even...
CVE-2024-35311
Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control...