Hypr
by Hypr
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2414 | Cri | 0.64 | 9.8 | 0.00 | Mar 25, 2026 | Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2. | ||
| CVE-2025-0372 | Med | 0.38 | — | 0.00 | May 21, 2025 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. | ||
| CVE-2025-2102 | Med | 0.37 | — | 0.00 | May 21, 2025 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. | ||
| CVE-2024-1721 | Med | 0.36 | — | 0.00 | May 21, 2024 | Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1. | ||
| CVE-2026-1712 | 0.00 | — | 0.00 | Mar 25, 2026 | Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7. | |||
| CVE-2024-0068 | 0.00 | — | 0.00 | Feb 29, 2024 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1. | |||
| CVE-2023-6336 | 0.00 | — | 0.00 | Jan 16, 2024 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | |||
| CVE-2023-6335 | 0.00 | — | 0.00 | Jan 16, 2024 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | |||
| CVE-2023-6334 | 0.00 | — | 0.00 | Jan 16, 2024 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7. | |||
| CVE-2023-5097 | 0.00 | — | 0.00 | Jan 16, 2024 | Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. | |||
| CVE-2023-1837 | 0.00 | — | 0.01 | May 23, 2023 | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | |||
| CVE-2023-1477 | 0.00 | — | 0.01 | Apr 28, 2023 | Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3. | |||
| CVE-2023-0834 | 0.00 | — | 0.00 | Apr 28, 2023 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | |||
| CVE-2022-3258 | 0.00 | — | 0.00 | Nov 3, 2022 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. | |||
| CVE-2022-2193 | 0.00 | — | 0.01 | Jul 19, 2022 | Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to… | |||
| CVE-2022-1984 | 0.00 | — | 0.00 | Jul 19, 2022 | This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload. | |||
| CVE-2022-2192 | 0.00 | — | 0.01 | Jul 19, 2022 | Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior… |
- risk 0.64cvss 9.8epss 0.00
Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.
- risk 0.38cvss —epss 0.00
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
- risk 0.37cvss —epss 0.00
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
- risk 0.36cvss —epss 0.00
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.
- CVE-2026-1712Mar 25, 2026risk 0.00cvss —epss 0.00
Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.
- CVE-2024-0068Feb 29, 2024risk 0.00cvss —epss 0.00
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.
- CVE-2023-6336Jan 16, 2024risk 0.00cvss —epss 0.00
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
- CVE-2023-6335Jan 16, 2024risk 0.00cvss —epss 0.00
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
- CVE-2023-6334Jan 16, 2024risk 0.00cvss —epss 0.00
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.
- CVE-2023-5097Jan 16, 2024risk 0.00cvss —epss 0.00
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
- CVE-2023-1837May 23, 2023risk 0.00cvss —epss 0.01
Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)
- CVE-2023-1477Apr 28, 2023risk 0.00cvss —epss 0.01
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
- CVE-2023-0834Apr 28, 2023risk 0.00cvss —epss 0.00
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.
- CVE-2022-3258Nov 3, 2022risk 0.00cvss —epss 0.00
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.
- CVE-2022-2193Jul 19, 2022risk 0.00cvss —epss 0.01
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to…
- CVE-2022-1984Jul 19, 2022risk 0.00cvss —epss 0.00
This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.
- CVE-2022-2192Jul 19, 2022risk 0.00cvss —epss 0.01
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior…