23 matches found
CVE-2026-6245 Sssd: out-of-bounds read in the sssd
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare launches EmDash CMS, an AI-powered platform built to fix WordPress security flaws with sandboxed plugins, serverless scaling, and passkey auth...
CVE-2025-71279
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...
PT-2026-29415
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...
EUVD-2025-31747
Malicious code in bioql PyPI...
Joomla! 5.x < 5.3.4 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.14 or 5.x prior to 5.3.4. It is, therefore, affected by multiple vulnerabilities. - Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in...
Joomla! 4.x < 4.4.14 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.14 or 5.x prior to 5.3.4. It is, therefore, affected by multiple vulnerabilities. - Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in...
CVE-2025-54477
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method...
Joomla! User Enumeration Vulnerability (20250902)
Joomla! is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; ifdescripti...
CVE-2025-54477
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method...
CVE-2025-54477 Joomla! Core - [20250902] User-Enumeration in passkey authentication method
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method...
CVE-2025-54477 Joomla! Core - [20250902] User-Enumeration in passkey authentication method
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method...
CVE-2025-54477
CVE-2025-54477 describes an issue in Joomla! where the authentication request handling in the passkey method allows user enumeration. The initial entry cites an improper handling of authentication requests leading to a user enumeration vector, with a CVSS v3.1 base score of 5.3 (Network attack, n...
PT-2025-40004
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Improper handling of authentication requests results in a user enumeration vector within the passkey authentication method. This allows an attacker to potentially identify valid users. Recommendation...
Joomla 4.0.x < 4.4.14 / 5.0.x < 5.3.4 Joomla 5.3.4 Security & Bugfix Release (5936-joomla-5-3-4-security-bugfix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.14 or 5.0.x prior to 5.3.4. It is, therefore, affected by a vulnerability. - Improper handling of authentication requests leads to a user enumeration vector in the passkey...
[20250902] - Core - User-Enumeration in passkey authentication method
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method...
Oracle Linux 8 : bluez (ELSA-2021-4432)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4432 advisory. 5.56-1 + bluez-5.56-1 - Fixing 1965057 - Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56 Tenable has extracted the preceding...
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't le...
openSUSE 15 Security Update : bluez (openSUSE-SU-2021:2291-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2291-1 advisory. - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to...
SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2291-1 advisory. - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacke...