June 27, 2026

Authentication Bypass

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates Step CA Auth Bypass, Critical ACME Flaw

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates

Do Son December 6, 2025 0
A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used...
Read More Read more about Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates
CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover

Do Son December 3, 2025 0
A critical security vacuum has been discovered in smart metering infrastructure, potentially leaving utility networks exposed to...
Read More Read more about CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover
High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default Vault LDAP Bypass, Terraform Insecure Default Vault Community Edition - CVE-2024-9180

High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default

Do Son November 25, 2025 0
HashiCorp has released an important security advisory addressing a misconfiguration flaw in the Vault Terraform Provider that...
Read More Read more about High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default
CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover

Do Son November 25, 2025 0
A newly disclosed vulnerability in R.V.R Elettronica’s TEX broadcast hardware has been assigned CVE-2025-63207, scoring 9.8 Critical...
Read More Read more about CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover
Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius

Do Son November 24, 2025 0
ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the...
Read More Read more about Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius
Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Do Son November 19, 2025 0
METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...
Read More Read more about Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers
Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover Triofox Zero-Day, Host Header Bypass

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover

Do Son November 11, 2025 0
Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed that a critical unauthenticated...
Read More Read more about Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover
Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking

Do Son November 11, 2025 0
Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent...
Read More Read more about Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking
Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server Smallworld Auth Bypass, GE Vernova ICS Flaw

Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server

Do Son November 11, 2025 0
GE Vernova’s Electrification Software division has released a critical security advisory addressing a high-severity authentication vulnerability (CVE-2025-3222)...
Read More Read more about Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server
Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor

Do Son November 6, 2025 0
Cisco has released urgent security updates to address two critical vulnerabilities in its Unified Contact Center Express...
Read More Read more about Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor
CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover Survision LPR Auth Bypass, CVE-2025-12108

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover

Do Son November 6, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting...
Read More Read more about CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover
Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover

Do Son November 1, 2025 0
An extremely severe security vulnerability has been discovered and is being actively exploited in the Jobmonster –...
Read More Read more about Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover