100 matches found

OSV
added 2026/05/18 3:37 p.m. | 2 views

GHSA-J5RM-V3VH-VX94 eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges

Impact In eduMFA = 2.9.1 by adding validity information to the userless challenges. Workarounds No known workarounds besides disabling userless login altogether...

8.7 CVSS | 5.8 AI score
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/05/18 3:37 p.m. | 12 views

eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges

Impact In eduMFA = 2.9.1 by adding validity information to the userless challenges. Workarounds No known workarounds besides disabling userless login altogether...

5.8 AI score
Exploits: 0 | References: 2 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in chromium

Inappropriate implementation of Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information through debug logs. Chromium security severity: Low...

6.2 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 1 | References: 2

Packet Storm News
added 2026/04/22 12:0 a.m. | 5 views

An Analysis of Attack Vectors against FIDO2 Authentication

Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such attacks, prompting the development of more secure...

5.8 AI score
Exploits: 0

CNVD
added 2026/04/09 12:0 a.m. | 0 views

Xenforo Authorization Issues Vulnerability (CNVD-2026-16832)

Xenforo is forum software from Xenforo. XenForo has an authorization vulnerability affecting Passkeys that have been added to a user's account, which an attacker can exploit to bypass the authentication process and take over the account of another web...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0

EUVD
added 2026/04/01 3:31 a.m. | 2 views

EUVD-2025-209152

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 3

NVD
added 2026/04/01 1:16 a.m. | 2 views

CVE-2025-71279

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...

9.8 CVSS | 0.0004 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/01 12:30 a.m. | 0 views

CVE-2025-71279

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/04/01 12:0 a.m. | 1 views

Xenforo Authorization Issue Vulnerability

Xenforo is forum software from Xenforo. XenForo has an authorization vulnerability affecting Passkeys that have been added to a user's account, which an attacker can exploit to bypass the authentication process and take over the account of another web...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29415

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/26 7:3 p.m. | 3 views

GHSA-CVH3-23VQ-W7H4 Statamic's Markdown preview endpoint exposes sensitive user data

Impact The markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retrieve sensitive user data including email addresses, encrypted passkey data, and encrypted two-factor...

6.5 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2026/03/26 12:0 a.m. | 0 views

Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals

Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...

5.9 AI score
Exploits: 0

EUVD
added 2026/03/09 10:17 p.m. | 0 views

EUVD-2026-10407

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...

7.1 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 2

Spring Engineering
added 2026/02/24 12:0 a.m. | 5 views

This Week in Spring - February 24th, 2026

Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...

5.5 AI score
Exploits: 0

NVD
added 2026/01/14 5:16 p.m. | 2 views

CVE-2026-22694

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

6.1 CVSS | 0.00011 EPSS
Exploits: 0 | References: 5

CVE
added 2026/01/14 4:32 p.m. | 6 views

CVE-2026-22694

Summary (CVE-2026-22694) : AliasVault for Android (versions 0.24.0–0.25.2) contained an incomplete validation flaw in the Android credential provider for passkey requests. Under certain local conditions, a malicious app could obtain a passkey response for a site it was not authorized to access be...

6.1 CVSS | 6 AI score | 0.00011 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Packet Storm News
added 2025/12/25 12:0 a.m. | 4 views

Verifiable Passkey: The Decentralized Authentication Standard

Passwordless authentication has revolutionized the way we authenticate across various websites and services. FIDO2 Passkeys is one of the most widely adopted standards of passwordless authentication that promises phishing-resistance. However, like any other authentication system, passkeys requir...

6.7 AI score
Exploits: 0

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-12910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug...

6.2 CVSS | 5.4 AI score | 0.00009 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/11/12 10:1 a.m. | 0 views

CVE-2025-12910

Inappropriate implementation in Passkeys in Google Chrome allowed a local attacker to obtain potentially sensitive information via debug logs...

6.2 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 1 | References: 2

CNVD
added 2025/11/12 12:0 a.m. | 2 views

Google Chrome Passkeys Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Passkeys mal-implementation vulnerability, which can be exploited by an attacker to obtain sensitive information via debug logs...

6.2 CVSS | 6.5 AI score | 0.00009 EPSS
Exploits: 1 | References: 1