Authentication Bypass Archives • Page 5 of 10 • Daily CyberSecurity

Critical FreePBX Flaw (CVE-2025-66039) Risks PBX Takeover via Authentication Bypass in ‘webserver’ Auth Mode

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical FreePBX Flaw (CVE-2025-66039) Risks PBX Takeover via Authentication Bypass in ‘webserver’ Auth Mode

Do Son December 17, 2025

A critical security vulnerability has been discovered in FreePBX, the world’s most popular open-source PBX platform, potentially...

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs

Do Son December 16, 2025

A critical security crisis is unfolding for Fortinet administrators this week. Just days after the vendor disclosed...

Unpatched TOTOLINK AX1800 Router Flaw Allows Unauthenticated Telnet & Root RCE TOTOLINK EX200 Vulnerability CVE-2025-65606 TOTOLINK Auth Bypass, Unauthenticated Telnet

TOTOLINK EX200 Vulnerability CVE-2025-65606 TOTOLINK Auth Bypass, Unauthenticated Telnet

Unpatched TOTOLINK AX1800 Router Flaw Allows Unauthenticated Telnet & Root RCE

Do Son December 11, 2025

A critical security vulnerability has been uncovered in the popular TOTOLINK AX1800 wireless router, a device widely...

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS

Do Son December 10, 2025

The security team behind ZITADEL, the open-source identity management platform, has issued urgent advisories regarding three high-severity...

Critical Emby Server Flaw (CVE-2025-64113) Allows Unauthenticated Admin Takeover Emby Auth Bypass, Plugin Quick Fix

Critical Emby Server Flaw (CVE-2025-64113) Allows Unauthenticated Admin Takeover

Do Son December 9, 2025

The development team behind Emby Server, the popular personal media streaming solution, has issued an urgent security...

Critical Authentication Bypass Flaws Discovered in Ruby SAML Library (CVE-2025-66567 & CVE-2025-66568)

Do Son December 9, 2025

A pair of critical security vulnerabilities has been disclosed in the Ruby SAML library, a foundational tool...

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes

Do Son December 8, 2025

A severe security vulnerability has been uncovered in Cal.com, the popular open-source scheduling platform positioned as the...

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates Step CA Auth Bypass, Critical ACME Flaw

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates

Do Son December 6, 2025

A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used...

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover

Do Son December 3, 2025

A critical security vacuum has been discovered in smart metering infrastructure, potentially leaving utility networks exposed to...

GitLab Patch: Fixes CI/CD Credential Theft & Unauthenticated DoS Attacks GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Patch: Fixes CI/CD Credential Theft & Unauthenticated DoS Attacks

Do Son November 26, 2025

GitLab has released an important security update today affecting both its Community Edition (CE) and Enterprise Edition...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

8 Flaws: ASUS Routers Urgently Need Patch for Authentication Bypass (CVE-2025-59366, CVSS 9.4)

Do Son November 26, 2025

ASUS has released an urgent security update to address a sweeping list of eight potential vulnerabilities in...

High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default Vault LDAP Bypass, Terraform Insecure Default Vault Community Edition - CVE-2024-9180

Vault LDAP Bypass, Terraform Insecure Default Vault Community Edition - CVE-2024-9180

High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default

Do Son November 25, 2025

HashiCorp has released an important security advisory addressing a misconfiguration flaw in the Vault Terraform Provider that...

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover

Do Son November 25, 2025

A newly disclosed vulnerability in R.V.R Elettronica’s TEX broadcast hardware has been assigned CVE-2025-63207, scoring 9.8 Critical...

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius

Do Son November 24, 2025

ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the...

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Do Son November 19, 2025

METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint

Do Son November 18, 2025

The team behind Flowise—a popular open-source platform for building AI agents and LLM workflows—has issued an urgent...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

ZERO-DAY ATTACK WARNING: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access!

Do Son November 14, 2025

Cybersecurity firms are sounding the alarm over a critical vulnerability in Fortinet FortiWeb, the company’s Web Application...

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3) Milvus Auth Bypass, Vector Database Flaw

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3)

Do Son November 12, 2025

Milvus, a leading open-source vector database that powers AI and large-scale search applications, has disclosed a critical...

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover Triofox Zero-Day, Host Header Bypass

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover

Do Son November 11, 2025

Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed that a critical unauthenticated...

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking

Do Son November 11, 2025

Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent...

Critical Alert 1 Active Exploit Detected Today