Authentication Bypass Archives • Page 7 of 10 • Daily CyberSecurity

Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565 Nokia vulnerability CVE-2023-49564, CVE-2023-49565

Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565

Do Son September 19, 2025

Nokia has published a security advisory warning customers of two high-severity vulnerabilities affecting its CloudBand Infrastructure Software...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns of Critical Flaw in Delta DIALink: CVE-2025-58321 (CVSS 10.0)

Do Son September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning about two serious...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild

Do Son September 16, 2025

Hackers are exploiting a critical authentication bypass vulnerability in the Case Theme User plugin, a WordPress plugin...

CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060) CUPS vulnerability, Linux printing

CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060)

Do Son September 15, 2025

OpenPrinting has released patches addressing two significant security flaws in the Common Unix Printing System (CUPS), a...

CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

Do Son September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in...

Sophos Fixes Critical Authentication Bypass (CVE-2025-10159) in AP6 Series Wireless Access Points Sophos vulnerability CVE-2025-10159

Sophos Fixes Critical Authentication Bypass (CVE-2025-10159) in AP6 Series Wireless Access Points

Do Son September 10, 2025

Sophos has released a fix for a critical authentication bypass vulnerability (CVE-2025-10159) affecting its AP6 Series Wireless...

CVE-2025-40804: Critical Flaw in Siemens SIVaaS Exposes Network Share Without Authentication Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

CVE-2025-40804: Critical Flaw in Siemens SIVaaS Exposes Network Share Without Authentication

Do Son September 10, 2025

Siemens has disclosed a critical security vulnerability (CVE-2025-40804) in its SIMATIC Virtualization as a Service (SIVaaS) platform....

CVE-2025-40795 (CVSS 9.8): Critical Flaw in Siemens SIVaaS Exposes Network Share Without Authentication Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

CVE-2025-40795 (CVSS 9.8): Critical Flaw in Siemens SIVaaS Exposes Network Share Without Authentication

Do Son September 9, 2025

Siemens has disclosed multiple vulnerabilities in its User Management Component (UMC), which is used in products like...

CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

Do Son September 5, 2025

ABB has issued a cybersecurity advisory disclosing multiple vulnerabilities affecting its ASPECT Building Management System (BMS), including...

CVE-2025-57808: ESPHome Web Server Authentication Bypass Exposes Smart Devices ESPHome, authentication bypass

CVE-2025-57808: ESPHome Web Server Authentication Bypass Exposes Smart Devices

Do Son September 2, 2025

The ESPHome project, a popular open-source firmware framework for ESP32- and ESP8266-based smart home devices, has disclosed...

PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

Do Son August 28, 2025

watchTowr Labs has released a detailed analysis of CVE-2025-54309, a zero-day authentication bypass vulnerability in CrushFTP, the...

CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover Packet Power, CISA Alert

CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover

Do Son August 11, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-severity alert for a missing authentication...

CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover

Do Son August 11, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about a critical authentication...

Critical Dell DD OS Flaw (CVSS 9.8) Allows Unauthenticated Remote Access Dell DD OS Vulnerability, Authentication Bypass Dell SmartFabric OS10 Vulnerabilities

Critical Dell DD OS Flaw (CVSS 9.8) Allows Unauthenticated Remote Access

Do Son August 5, 2025

Dell Technologies has released an urgent security advisory addressing multiple vulnerabilities affecting its PowerProtect Data Domain Operating...

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available! SUSE Manager, Remote Code Execution

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available!

Do Son July 31, 2025

SUSE has issued a high-severity security advisory for CVE-2025-46811, a critical vulnerability in SUSE Manager that allows...

Critical OAuth2-Proxy Flaw (CVE-2025-54576, CVSS 9.1) Allows Authentication Bypass via Query Parameters OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

Critical OAuth2-Proxy Flaw (CVE-2025-54576, CVSS 9.1) Allows Authentication Bypass via Query Parameters

Do Son July 31, 2025

A critical vulnerability in the popular OAuth2-Proxy open-source authentication tool has been discovered, allowing attackers to bypass...

Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps Wix Base44, AI Platform Vulnerability

Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps

Do Son July 30, 2025

In a significant finding that highlights the risks associated with emerging AI development platforms, Wiz Research has...

Critical Node-SAML Flaw (CVE-2025-54419, CVSS 10.0) Allows Authentication Bypass in SAML 2.0 Web Apps Node-SAML Vulnerability, Authentication Bypass

Node-SAML Vulnerability, Authentication Bypass

Critical Node-SAML Flaw (CVE-2025-54419, CVSS 10.0) Allows Authentication Bypass in SAML 2.0 Web Apps

Do Son July 29, 2025

A newly disclosed critical vulnerability in Node-SAML, a widely used SAML 2.0 authentication provider for Node.js, could...

Critical Node-SAML Flaw (CVE-2025-54369) Exposes SAML 2.0 to Authentication Bypass Node-SAML Vulnerability, SAML Authentication Bypass

Critical Node-SAML Flaw (CVE-2025-54369) Exposes SAML 2.0 to Authentication Bypass

Do Son July 28, 2025

A critical vulnerability has been discovered in the popular open-source Node.js library Node-SAML, used to implement SAML...

Critical Mitel MiVoice MX-ONE Flaw: Unauthenticated Authentication Bypass Exposed Mitel vulnerability Mitel MiVoice MX-ONE, Authentication Bypass

Mitel vulnerability Mitel MiVoice MX-ONE, Authentication Bypass

Critical Mitel MiVoice MX-ONE Flaw: Unauthenticated Authentication Bypass Exposed

Do Son July 24, 2025

Mitel has issued a security advisory addressing a critical-severity vulnerability in the Provisioning Manager component of its...

Critical Alert 1 Active Exploit Detected Today