Hypr

hypr

14 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Workforce Access

workforce_access

Keycloak Authenticator

keycloak_authenticator

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2414 1Hypr 1Hypr Apr 1, 2026 Mar 25, 2026 5.6 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.
CVE-2024-8273 1Hypr 1Hypr Server Feb 19, 2026 Dec 11, 2025 7.1 HIGH· v4 8.8 HIGH· v3 N/A· v2 Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.
CVE-2024-0068 1Hypr 1Workforce Access Mar 4, 2025 Feb 29, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.
CVE-2023-6336 1Hypr 1Workforce Access Nov 21, 2024 Jan 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
CVE-2023-6335 1Hypr 1Workforce Access Nov 21, 2024 Jan 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
CVE-2023-6334 1Hypr 1Workforce Access Nov 21, 2024 Jan 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.
CVE-2023-5097 1Hypr 1Workforce Access Nov 21, 2024 Jan 16, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
CVE-2023-1837 1Hypr 1Hypr Server Nov 21, 2024 May 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)
CVE-2023-1477 1Hypr 1Keycloak Authenticator Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
CVE-2023-0834 1Hypr 1Workforce Access Nov 21, 2024 Apr 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.
CVE-2022-3258 1Hypr 1Workforce Access Nov 21, 2024 Nov 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.
CVE-2022-2193 1Hypr 1Hypr Server Nov 21, 2024 Jul 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager p...Show more Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.Show less
CVE-2022-2192 1Hypr 1Hypr Server Nov 21, 2024 Jul 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR S...Show more Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.Show less
CVE-2022-1984 1Hypr 1Workforce Access Nov 21, 2024 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malic...Show more This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.Show less