Authentication Bypass Archives • Page 5 of 10 • Daily CyberSecurity

“New” Path of Attack: Fully Upgraded Fortinet Devices Hit by SSO Exploits Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

“New” Path of Attack: Fully Upgraded Fortinet Devices Hit by SSO Exploits

Do Son January 23, 2026

Fortinet is investigating a concerning new wave of attacks targeting its network security devices, where threat actors...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

“Enjoy Your Admin Access”: Critical SmarterMail RCE Exploited in the Wild

Do Son January 22, 2026

Just weeks after a major vulnerability rocked the SmarterMail ecosystem, security researchers have uncovered a new, critical...

GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update GitLab Security Update CVE-2026-0723 CVE-2023-7028 & CVE-2023-5356 GitLab vulnerability, DoS flaw

GitLab Security Update CVE-2026-0723 CVE-2023-7028 & CVE-2023-5356 GitLab vulnerability, DoS flaw

GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update

Do Son January 21, 2026

GitLab has released an urgent security update for its Community (CE) and Enterprise (EE) editions, patching a...

10-Year-Old GNU Inetutils Telnetd Flaw Lets Hackers Log In as Root via “-f root” GNU Inetutils Telnetd Root Authentication Bypass

10-Year-Old GNU Inetutils Telnetd Flaw Lets Hackers Log In as Root via “-f root”

Do Son January 21, 2026

A critical-severity security flaw has been disclosed in GNU Inetutils, specifically within its telnetd server, allowing remote...

CVE-2026-0629: TP-Link VIGI Flaw Lets Attackers Reset Admin Passwords

Do Son January 21, 2026

A critical security vulnerability has been discovered in TP-Link’s VIGI series surveillance cameras, allowing attackers on a...

Critical ABB Alert: OPTIMAX Flaw Allows Full System Takeover ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Alert: OPTIMAX Flaw Allows Full System Takeover

Do Son January 19, 2026

Industrial automation giant ABB has released a critical security advisory warning of a severe vulnerability in its...

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root CVE-2022-38065 OpenStack Vulnerability CVE-2026-22797

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root

Do Son January 16, 2026

A significant security flaw has been closed in the OpenStack cloud infrastructure project, specifically within its identity...

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Do Son January 15, 2026

A critical security vulnerability has been found in Cal.com, the popular open-source scheduling platform used by individuals...

Critical Centreon Alert: 9.8 Severity Flaw Exposes IT Monitoring CVE-2024-55573 & CVE-2024-53923 Centreon AWIE Vulnerabilities CVE-2025-15029

Critical Centreon Alert: 9.8 Severity Flaw Exposes IT Monitoring

Do Son January 9, 2026

Centreon, a key player in IT infrastructure monitoring, is urging administrators to update their systems immediately following...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-66848: Critical Flaw in JD Cloud Routers Grants Hackers Root Access

Do Son January 5, 2026

A security vulnerability has been uncovered in a popular line of NAS routers from JD Cloud, potentially...

CVE-2025-68926: Critical Hardcoded Credential Flaw Exposes RustFS Storage Clusters RustFS, Hardcoded Token (CVE-2025-68926)

CVE-2025-68926: Critical Hardcoded Credential Flaw Exposes RustFS Storage Clusters

Do Son January 2, 2026

RustFS, a distributed object storage system celebrated for leveraging the memory safety and performance of the Rust...

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs

Do Son January 1, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding a critical safety vulnerability in...

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control

Do Son December 31, 2025

The Apache Software Foundation has released a critical fix for StreamPipes, its self-service Industrial IoT toolbox designed...

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login

Do Son December 30, 2025

IBM has issued an urgent security alert for users of its API Connect platform after internal testing...

Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords Linksys Auth Bypass, CVE-2025-52692

Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords

Do Son December 23, 2025

A popular Wi-Fi 6 router found in thousands of homes has been blown wide open by security...

Critical FreePBX Flaw (CVE-2025-66039) Risks PBX Takeover via Authentication Bypass in ‘webserver’ Auth Mode

Do Son December 17, 2025

A critical security vulnerability has been discovered in FreePBX, the world’s most popular open-source PBX platform, potentially...

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs

Do Son December 16, 2025

A critical security crisis is unfolding for Fortinet administrators this week. Just days after the vendor disclosed...

Unpatched TOTOLINK AX1800 Router Flaw Allows Unauthenticated Telnet & Root RCE TOTOLINK EX200 Vulnerability CVE-2025-65606 TOTOLINK Auth Bypass, Unauthenticated Telnet

TOTOLINK EX200 Vulnerability CVE-2025-65606 TOTOLINK Auth Bypass, Unauthenticated Telnet

Unpatched TOTOLINK AX1800 Router Flaw Allows Unauthenticated Telnet & Root RCE

Do Son December 11, 2025

A critical security vulnerability has been uncovered in the popular TOTOLINK AX1800 wireless router, a device widely...

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS

Do Son December 10, 2025

The security team behind ZITADEL, the open-source identity management platform, has issued urgent advisories regarding three high-severity...

Critical Emby Server Flaw (CVE-2025-64113) Allows Unauthenticated Admin Takeover Emby Auth Bypass, Plugin Quick Fix

Critical Emby Server Flaw (CVE-2025-64113) Allows Unauthenticated Admin Takeover

Do Son December 9, 2025

The development team behind Emby Server, the popular personal media streaming solution, has issued an urgent security...