EUVD-2025-208135

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

GHSA-7G5X-9C4V-4W5R Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150

Keycloak WebAuthn registration component is affected by CVE-2025-12150. An attacker can bypass the realm’s attestation policy by submitting an attestation object with fmt: "none", enabling registration of untrusted/ forged authenticators and weakening authentication integrity. The issue arises de...

EUVD-2012-3154

Malware in sbrugna...

Network-Wide Quantum Key Distribution with Onion Routing Relay

The advancement of quantum computing threatens classical cryptographic methods, necessitating the development of secure quantum key distribution QKD solutions for QKD Networks QKDN. In this paper, a novel key distribution protocol, Onion Routing Relay ORR, that integrates onion routing OR with...

CVE-2025-23194

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...

CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application...