Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. "Brand new Microsoft accounts will now be 'passwordless by...

Digigram PYKO-OUT 安全漏洞

Digigram PYKO-OUT is a professional-grade, multi-channel IP audio encoder from Digigram for high-quality AoIP Audio over IP transmission in broadcast and live production environments. A security vulnerability exists in the Digigram PYKO-OUT, which stems from the fact that no password is required ...

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

Happy World Passkey Day! As the world shifts from passwords to passkeys, we’re excited to join the FIDO Alliance in leaving “World Password Day” behind to celebrate the very first “World Passkey Day.” To commemorate this renaming, Microsoft and dozens of other organizations have taken the Passkey...

PYSEC-2025-17

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

CVE-2025-1474

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow version 2.18 that stems from the ability for administrators ...

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...

CVE-2025-26344

CVE-2025-26344 describes a CWE-306 vulnerability in Q-Free MaxTime

PT-2025-7133 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests. This is d...

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/guest-mode/routes.lua. A...

CVE-2025-23792

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint passwordless-wp allows Reflected XSS.This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through ...

CVE-2024-50478

Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5...

CVE-2025-23792

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint passwordless-wp allows Reflected XSS.This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through ...

CVE-2025-23792 WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint passwordless-wp allows Reflected XSS.This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through ...

CVE-2025-23792 WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint passwordless-wp allows Reflected XSS.This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through ...

CVE-2025-23792

CVE-2025-23792 is a Reflected XSS in the WordPress plugin Passwordless WP – Login with your glance or fingerprint (

WordPress plugin Passwordless WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...