14 matches found
EUVD-2025-23042
Malicious code in bioql PyPI...
CVE-2025-53102
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...
BIT-DISCOURSE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...
CVE-2025-53102
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...
CVE-2025-53102
CVE-2025-53102 affects Discourse: prior to 3.4.7 (stable) and 3.5.0.beta.8 (tests-passed), issuing a physical security key for 2FA generates a WebAuthn challenge that is not cleared from the user session after authentication, potentially allowing reuse and increasing security risk. Affected versi...
CVE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...
CVE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...
Discourse 授权问题漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. An authorization issue vulnerability exists in Discourse versions prior to 3.4.7 and prior to 3.5.0.beta.8, which stems from an uncleare...
PT-2025-31259 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.7 on the stable branch Discourse versions prior to 3.5.0.beta.8 on the tests-passed branch Description: Discourse is an open-source community discussion platform. Upon issuing a physical security key for...
CVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...
CVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...
CVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...
CVE-2025-6433
CVE-2025-6433 describes a WebAuthn behavior where, if a user visits a page with an invalid TLS certificate and grants an exception, the page could present a WebAuthn challenge, violating WebAuthN’s requirement for a secure transport. Affected products include Mozilla Firefox and Thunderbird prior...
PT-2025-26730
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user visits a webpage with an invalid TLS certificate and grants an exception. In this scenario, the webpage can provide a WebAuthn challenge that the user is prompted to...