Lucene search
K

187 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

9CVSS0.00392EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS5.8AI score0.00392EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2026/06/11 7:23 a.m.14 views

Authentication Bypass

Yubico java-webauthn-server is vulnerable to Authentication Bypass. The vulnerability is due to incorrect validation of a function's return value during the second-factor authentication flow, allowing attackers to bypass the intended authentication checks and impersonate legitimate users...

7.5CVSS5.5AI score0.00308EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-39828

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate...

8.8CVSS5.4AI score0.00314EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS5.4AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 7:16 a.m.14 views

CVE-2026-8293

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:0 a.m.15 views

CVE-2026-8293

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.22 views

PT-2026-45694

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

5.8AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 a.m.14 views

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS0.00314EPSS
Exploits0References26
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.80 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

0.00314EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42707

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an SSH server authentication callback returning PartialSuccessError with non-nil Permissions caused those permissions to be silently...

9.8CVSS5.8AI score0.00314EPSS
Exploits0
Snyk
Snyk
added 2026/05/14 3:12 a.m.8 views

Incorrect Check of Function Return Value

Overview Affected versions of this package are vulnerable to Incorrect Check of Function Return Value in the "second factor" flow where FinishAssertionSteps fails to cross-check the verified credential handle against the requested username when a userHandle is not found for that username during t...

7.7CVSS5.4AI score0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 2:17 a.m.15 views

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 12:0 a.m.40 views

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS0.00308EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:0 a.m.8 views

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/14 12:0 a.m.20 views

CVE-2026-46419

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 is affected by a vulnerability in the second factor flow where a function’s return value was not checked, enabling impersonation. The issue is fixed in version 2.8.2 (released with a security advisory from Yubico). Affected product/vers...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

java-webauthn-server 安全漏洞

java-webauthn-server is a Java server-side web authentication library developed by Yubico. There were security vulnerabilities in versions of java-webauthn-server from 2.8.0 to 2.8.2. These vulnerabilities stemmed from incorrect check functions that accessed return values during the second-factor...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 12:0 a.m.8 views

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-40845

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 12:0 a.m.11 views

EUVD-2026-30211

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References2
Rows per page
Query Builder