
270 matches found

SUSE CVE
added 2026/05/23 1:29 a.m., 9 views

SUSE CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

8.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 3
Snyk
added 2026/05/22 5:32 a.m., 4 views

Improper Authentication

Overview: github.com/golang/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Improper Authentication due to the Verify method not checking the User Presence flag in FIDO/U2F security key types. An attacker can perform unauthorized authentication by generati...

9.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 2
Snyk
added 2026/05/22 5:32 a.m., 3 views

Improper Authentication

Overview: golang.org/x/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Improper Authentication due to the Verify method not checking the User Presence flag in FIDO/U2F security key types. An attacker can perform unauthorized authentication by generating...

9.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/22 2:31 a.m., 2 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 5
OSV
added 2026/05/22 2:8 a.m., 2 views

GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2026/05/22 12:0 a.m., 6 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/05/15 2:35 p.m., 2 views

CVE-2025-14972 Insufficient DPA countermeasure reseeding

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

4.1 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:9 p.m., 0 views

CVE-2026-27131

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2026/03/23 8:25 p.m., 4 views

Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...

5.5 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/03/23 8:25 p.m., 1 views

EUVD-2026-14515

Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground...

5.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3
OSV
added 2026/03/23 8:25 p.m., 2 views

GHSA-M59H-42JF-CPHR Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...

5.5 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits: 0, References: 5
NVD
added 2026/03/23 8:16 p.m., 1 views

CVE-2026-27131

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5 CVSS, 0.00042 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/03/23 7:4 p.m., 3 views

CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/03/23 7:4 p.m., 19 views

CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5 CVSS, 0.00042 EPSS
Exploits: 0, References: 3
CVE
added 2026/03/23 7:4 p.m., 4 views

CVE-2026-27131

The CVE concerns the Sprig Plugin for Craft CMS. Versions 2.0.0 up to, but not including, 2.15.2 and 3.15.2 expose a risk where admin users or those with Sprig Playground access could reveal the security key, credentials, and other sensitive configuration data, and could also run the hashData() s...

5.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/23 7:4 p.m., 1 views

CVE-2026-27131

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/03/23 7:4 p.m., 1 views

CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/03/23 12:0 a.m., 3 views

PutYourLightsOn Sprig Plugin for Craft CMS security vulnerability

PutYourLightsOn Sprig Plugin for Craft CMS is a plugin developed by the Austrian company PutYourLightsOn, designed for Craft CMS. It provides dynamic content updates and interactive features. Versions of the plugin prior to 2.15.2 and 3.15.2 contained security vulnerabilities. These vulnerabiliti...

5.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/02/22 1:28 a.m., 3 views

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently...

8.7 CVSS, 5.7 AI score, 0.0004 EPSS
Exploits: 1, References: 1
Github Security Blog
added 2026/02/05 9:57 p.m., 6 views

Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)

Summary: A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...

6.5 CVSS, 5.6 AI score, 0.00021 EPSS
Exploits: 1, References: 4, Affected Software: 1