VYPR
Vendor

Hypr

Products
1
CVEs
17
Across products
17
Status
Private

Products

1

Recent CVEs

17
  • CVE-2026-2414CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.

  • CVE-2025-0372MedMay 21, 2025
    risk 0.38cvss epss 0.00

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.

  • CVE-2025-2102MedMay 21, 2025
    risk 0.37cvss epss 0.00

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.

  • CVE-2024-1721MedMay 21, 2024
    risk 0.36cvss epss 0.00

    Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.

  • CVE-2026-1712Mar 25, 2026
    risk 0.00cvss epss 0.00

    Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.

  • CVE-2024-0068Feb 29, 2024
    risk 0.00cvss epss 0.00

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.

  • CVE-2023-6336Jan 16, 2024
    risk 0.00cvss epss 0.00

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

  • CVE-2023-6335Jan 16, 2024
    risk 0.00cvss epss 0.00

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

  • CVE-2023-6334Jan 16, 2024
    risk 0.00cvss epss 0.00

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.

  • CVE-2023-5097Jan 16, 2024
    risk 0.00cvss epss 0.00

    Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.

  • CVE-2023-1837May 23, 2023
    risk 0.00cvss epss 0.01

    Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)

  • CVE-2023-1477Apr 28, 2023
    risk 0.00cvss epss 0.01

    Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.

  • CVE-2023-0834Apr 28, 2023
    risk 0.00cvss epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.

  • CVE-2022-3258Nov 3, 2022
    risk 0.00cvss epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.

  • CVE-2022-2193Jul 19, 2022
    risk 0.00cvss epss 0.01

    Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to…

  • CVE-2022-1984Jul 19, 2022
    risk 0.00cvss epss 0.00

    This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.

  • CVE-2022-2192Jul 19, 2022
    risk 0.00cvss epss 0.01

    Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior…