470 matches found
[SECURITY] Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43
This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...
UBUNTU-CVE-2025-10530
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 143 and Thunderbird 143...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A spoofing vulnerability exists in several Mozilla products and is caused by an...
CVE-2025-57540
A stored cross-site scripting XSS vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment PVE 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page,...
PT-2025-36794
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment version 8.4 Description: A stored cross-site scripting XSS issue exists in the WebAuthn Relying Party field within the Datacenter configuration. Authenticated users can inject JavaScript code that is later executed...
Cisco NX-OS Software Operating System Command Injection Vulnerability
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software suffers from an operating system command injection vulnerability that stems from insufficient user input validation, which can be exploited by an...
PT-2025-35518
Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.8.0 Description ESPHome’s web server authentication check on the ESP-IDF platform can incorrectly pass when the client-supplied base64-encoded Authorization value is empty or a substring of the correct value. This allows...
CVE-2009-20009
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before...
Tenda AC6 Authentication Bypass Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. The Tenda AC6 suffers from an authentication bypass vulnerability, which stems from a bypass problem in the...
CVE-2025-27129
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...
CVE-2025-27129
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...
CVE-2025-27129
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...
CVE-2025-27129
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...
CVE-2025-27129
CVE-2025-27129 affects Tenda AC6 V5.0 V02.03.01.110. Cisco Talos details a HTTP authentication bypass where an attacker can bypass auth by manipulating the request (notably via a crafted Host header), leading to arbitrary code execution. The vulnerability is triggered through the HTTP authenticat...
CVE-2025-27129
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...
Tenda AC6 V5.0 HTTP authentication bypass vulnerability
Talos Vulnerability Report TALOS-2025-2165 Tenda AC6 V5.0 HTTP authentication bypass vulnerability August 20, 2025 CVE Number CVE-2025-27129 SUMMARY An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP...
CVE-2025-51451
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
Discourse < 3.4.7 Improper Authentication Vulnerability
Discourse is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH
We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...
CVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...