14 matches found
CVE-2025-71279 XenForo Passkey Security Bypass
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...
SUSE CVE-2026-32879
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...
GHSA-5353-F8FQ-65VC New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...
CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879
CVE-2026-32879 affects New API (LLM gateway/AI asset management). Beginning with version 0.10.0, a logic flaw in the universal secure verification flow lets an authenticated user with a registered passkey satisfy secure verification without completing a WebAuthn assertion. Exploitation status is ...
Design/Logic Flaw
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device...
CVE-2022-45190
CVE-2022-45190 affects Microchip RN4870 devices (version 1.43). The issue allows an attacker within the BLE radio range to bypass the passkey entry in the legacy pairing process. The Red Hat, NVD, CNNVD, CVE authorities all describe the same vulnerability, with the attack surface centered on Blue...
CVE-2022-46400
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 allows attackers to bypass passkey entry in legacy pairing...
PT-2022-27852 · Microchip · Pic Lightblue Explorer Demo +1
Name of the Vulnerable Software and Affected Versions: Microchip RN4870 module firmware version 1.43 Microchip PIC LightBlue Explorer Demo version 4.2 DT100112 Description: The issue allows attackers to bypass passkey entry in legacy pairing. Recommendations: For Microchip RN4870 module firmware...
CVE-2022-46400
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 allows attackers to bypass passkey entry in legacy pairing...