22 matches found
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2025-9570
Malicious code in bioql PyPI...
EUVD-2024-41550
Malicious code in bioql PyPI...
CVE-2025-29991
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...
Yubico YubiKey security vulnerability
Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey versions 5.4.1 through 5.7.3, which stems from an incorrect implementation of the FIDO CTAP PIN/UV Auth Protocol Two, which could lead to partial signature...
CVE-2025-29991
CVE-2025-29991 affects Yubico YubiKey 5.4.1–5.7.3; the FIDO CTAP PIN/UV Auth Protocol Two implementation incorrectly uses the 16-byte signature length from Protocol One, causing partial signature verification when Protocol Two is chosen. Remediation: update to version 5.7.4 or later. Other disclo...
Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Access (CVE-2024-45678)
Summary: A security vulnerability was addressed in IBM Security Verify Access regarding Yubico YubiKey 5 Series. Vulnerability Details: CVEID: CVE-2024-45678. DESCRIPTION: Yubico YubiKey 5 Series, Security Key Series and YubiHSM 2 could allow a physical attacker to obtain sensitive information, cause...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-35311
CVE-2024-35311 affects Yubico YubiKey 5 Series <5.7.0, Security Key Series <5.7.0, YubiKey Bio Series <5.6.4, and YubiKey 5 FIPS
CVE-2024-35311
Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control...
Yubico YubiKey 5 security vulnerability
Yubico YubiKey 5 is a multi-protocol security key device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey prior to 5.7.0, Security Key prior to 5.7.0, YubiKey Bio prior to 5.6.4, and YubiKey 5 FIPS prior to 5.7.2, which stems from faulty access control, an...
CVE-2024-31498
Yubico ykman-gui aka YubiKey Manager GUI before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator...
YubiKey security vulnerability
Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey that stems from incorrect access control of the Yubico OTP function and the Yubico OTP authentication server...
CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...
FIDO U2F Security Breach
FIDO U2F is an authentication protocol from the FIDO organization based on standard public key cryptography techniques primarily used for smart card authentication. A security vulnerability exists in FIDO U2F that could allow an attacker to extract the ECDSA private key after extensive physical...
Design/Logic Flaw
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked whe...
CVE-2020-15000
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known...
CVE-2020-15001
CVE-2020-15001 affects Yubico YubiKey 5 NFC, specifically firmware versions 5.0.0–5.2.6 and 5.3.0–5.3.1. The OTP application allows optional access codes on OTP slots, but the access code is not checked when updating NFC-specific OTP configurations. As a result, an attacker could read configured ...