165 matches found
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
CVE-2020-12061
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plaintext. This allows an adversary to eavesdrop on the communication and derive the secrets stored in the microcontroller. As a result, the attack...
EUVD-2019-3855
Malware in sbrugna...
EUVD-2019-3854
Malware in sbrugna...
EUVD-2020-4377
Malware in sbrugna...
EUVD-2020-17329
Malware in sbrugna...
EUVD-2019-8388
Malware in sbrugna...
EUVD-2021-18797
Malware in sbrugna...
EUVD-2025-3074
Malicious code in bioql PyPI...
CVE-2025-57539
Vulnerability summary (CVE-2025-57539) : Proxmox Virtual Environment 8.4 is affected by a stored XSS in the U2F Origin field of the Datacenter configuration. Authenticated users can store input that is rendered unsafely in the Web UI and executed when viewed by others, potentially enabling sessio...
CVE-2025-57539
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially...
Linux Distros Unpatched Vulnerability : CVE-2021-31924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issu...
Linux Distros Unpatched Vulnerability : CVE-2019-12209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2fkeys) as root (unless openasuser was enabled), and does not proper...
Linux Distros Unpatched Vulnerability : CVE-2019-12210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is...
Linux Distros Unpatched Vulnerability : CVE-2025-23013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deploy...
Linux Distros Unpatched Vulnerability : CVE-2020-24612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled...
Malicious code in hw-trnasport-u2f (npm)
The package hw-trnasport-u2f was found to contain malicious code...
MAL-2025-22831 Malicious code in hw-trnasport-u2f (npm)
The package hw-trnasport-u2f was found to contain malicious code...