5.3

CVSS3.1

CVE-2025-54477 - Joomla! Core - [20250902] User-Enumeration in passkey authentication method

Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.

📅 Published: Sept. 30, 2025, 4:02 p.m. 🔄 Last Modified: Oct. 2, 2025, 8:46 a.m.

4.8

CVSS4.0

CVE-2025-54476 - Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code

Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.

📅 Published: Sept. 30, 2025, 4:02 p.m. 🔄 Last Modified: Oct. 2, 2025, 8:46 a.m.

9.1

CVSS3.1

CVE-2025-7493 - Freeipa: idm: privilege escalation from host to domain admin in freeipa

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA stil…

📅 Published: Sept. 30, 2025, 3:06 p.m. 🔄 Last Modified: Sept. 30, 2025, 3:06 p.m.

8.8

CVSS3.0

CVE-2025-7779 -

Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197.

📅 Published: Sept. 30, 2025, 2:52 p.m. 🔄 Last Modified: Oct. 2, 2025, 8:46 a.m.

7.3

CVSS3.0

CVE-2025-11178 -

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386.

📅 Published: Sept. 30, 2025, 2:52 p.m. 🔄 Last Modified: Oct. 2, 2025, 8:46 a.m.

0.0