Known Vulnerabilities for Webauthn-lib by Web-auth
Listed below are 10 of the newest known vulnerabilities associated with "Webauthn-lib" by "Web-auth".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46419 json | Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the... | Not Provided | 2026-05-14 | 2026-05-14 |
| CVE-2026-37982 json | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-31835 json | Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flo... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-11883 json | The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authenticati... | Not Provided | 2026-07-01 | 2026-07-01 |
| CVE-2026-8830 json | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by... | Not Provided | 2026-05-19 | 2026-06-26 |
| CVE-2026-2800 json | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird ... | Not Provided | 2026-02-24 | 2026-04-13 |
| CVE-2025-13910 json | The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the `wwa_auth` AJAX end... | Not Provided | 2026-03-21 | 2026-04-08 |
| CVE-2025-10530 json | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird ... | Not Provided | 2025-09-16 | 2026-04-13 |
| CVE-2025-6433 json | If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebA... | Not Provided | 2025-06-24 | 2026-04-13 |
| CVE-2024-47650 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Axton WP-WebAuthn wp-we... | Not Provided | 2024-10-06 | 2026-04-23 |