7 matches found
CVE-2026-32132
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration in the passkey registration process. An attacker can gain unauthorized access to user accounts by reusing expired registration codes to register their own passkey. Remediation: Upgrade...
CVE-2026-32132 ZITADEL: Reactivation of Expired Passkey Registration Codes
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...
CVE-2026-28513
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse...
Pocket ID Security Vulnerability
Pocket ID is an open-source identity provider that supports passwordless authentication. Versions of Pocket ID prior to 2.4.0 contained a security vulnerability. This vulnerability stemmed from the OIDC token endpoint only refusing authorization codes when the client ID was incorrect and the code...
HackerOne: TOTP Authenticator implementation Accepts Expired Codes
Vulnerability description not provided...
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Impact: Users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID. Patches: v1.1.2+. Workarounds: There are no workarounds, and there are no indications this has been exploited in the wild. Verification codes can on...