Authentication Bypass Archives • Page 7 of 10 • Daily CyberSecurity

Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics Maximo Cognos Bypass, CVE-2025-36386

Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics

Do Son October 29, 2025

IBM has issued a critical security advisory warning customers of a high-severity vulnerability (CVE-2025-36386, CVSS 9.8) in...

Critical Dell Storage Manager Flaw (CVE-2025-43995, CVSS 9.8) Allows Unauthenticated API Bypass Dell Storage Critical Auth Bypass, CVE-2025-43995

Critical Dell Storage Manager Flaw (CVE-2025-43995, CVSS 9.8) Allows Unauthenticated API Bypass

Do Son October 27, 2025

Dell Technologies has issued a critical security advisory addressing multiple high-severity vulnerabilities in its Storage Center and...

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication UniFi Access Bypass, CVE-2025-52665

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication

Do Son October 27, 2025

Ubiquiti has released a security update to address a critical authentication bypass vulnerability (CVE-2025-52665) in its UniFi...

HashiCorp Patches Vault Flaws: AWS Auth Bypass and Unauthenticated JSON DoS Vault AWS Auth Bypass, JSON DoS

HashiCorp Patches Vault Flaws: AWS Auth Bypass and Unauthenticated JSON DoS

Do Son October 27, 2025

Two high-severity vulnerabilities disclosed by HashiCorp could expose Vault deployments to denial-of-service (DoS) attacks and cross-account authentication...

CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access Raisecom Critical Auth Bypass, EoL Router

Raisecom Critical Auth Bypass, EoL Router

CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access

Do Son October 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability...

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret

Do Son October 20, 2025

Moxa, a leading manufacturer of industrial networking and security appliances, has released an urgent security advisory addressing...

Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config ROS# Path Traversal CVE-2026-41551 Siemens SIMATIC Auth Bypass, CVE-2025-40771 CVE-2024-22039 & CVE-2024-49775 CVE-2024-56336

ROS# Path Traversal CVE-2026-41551 Siemens SIMATIC Auth Bypass, CVE-2025-40771 CVE-2024-22039 & CVE-2024-49775 CVE-2024-56336

Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config

Do Son October 15, 2025

Siemens has released a critical security update for its SIMATIC ET 200SP communication processors, addressing an authentication...

Oracle Warns of Unauthenticated Vulnerability in E-Business Suite (CVE-2025-61884) IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Oracle Warns of Unauthenticated Vulnerability in E-Business Suite (CVE-2025-61884)

Do Son October 13, 2025

Oracle has issued an emergency Security Alert Advisory for a newly discovered vulnerability affecting Oracle E-Business Suite,...

Critical Auth Bypass (CVE-2025-61928) in Better Auth Allows Hackers to Steal User API Keys Better Auth Bypass, rou3 Path Normalization Better Auth Bypass, CVE-2025-61928 Better Auth vulnerability

Better Auth Bypass, rou3 Path Normalization Better Auth Bypass, CVE-2025-61928 Better Auth vulnerability

Critical Auth Bypass (CVE-2025-61928) in Better Auth Allows Hackers to Steal User API Keys

Do Son October 13, 2025

A critical authentication bypass vulnerability has been discovered in Better Auth, a popular framework-agnostic authentication and authorization...

Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters Akka Remote Authentication Bypass, CVE-2025-61778

Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters

Do Son October 9, 2025

The Akka.NET team has issued a critical security advisory for a severe vulnerability in its Akka.Remote module...

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin

Do Son October 8, 2025

Security researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass vulnerability in...

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin WordPress Auth Bypass, CVE-2025-6388 Exploited

WordPress Auth Bypass, CVE-2025-6388 Exploited

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin

Do Son October 3, 2025

A newly disclosed vulnerability in the Spirit Framework plugin for WordPress has put thousands of websites at...

Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication

Do Son October 2, 2025

The Termix project has disclosed a critical authentication bypass vulnerability in its official Docker image, exposing sensitive...

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform CVE-2022-43396 Apache Kylin, Authentication Bypass

CVE-2022-43396 Apache Kylin, Authentication Bypass

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform

Do Son October 1, 2025

The Apache Software Foundation has published a new security advisory disclosing three vulnerabilities in Apache Kylin, a...

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens Formbricks Auth Bypass, CVE-2025-59934

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens

Do Son September 27, 2025

The Formbricks project, an open-source platform for building in-app and website surveys, has released an urgent patch...

Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565 Nokia vulnerability CVE-2023-49564, CVE-2023-49565

Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565

Do Son September 19, 2025

Nokia has published a security advisory warning customers of two high-severity vulnerabilities affecting its CloudBand Infrastructure Software...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns of Critical Flaw in Delta DIALink: CVE-2025-58321 (CVSS 10.0)

Do Son September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning about two serious...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild

Do Son September 16, 2025

Hackers are exploiting a critical authentication bypass vulnerability in the Case Theme User plugin, a WordPress plugin...

CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060) CUPS vulnerability, Linux printing

CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060)

Do Son September 15, 2025

OpenPrinting has released patches addressing two significant security flaws in the Common Unix Printing System (CUPS), a...

CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

Do Son September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in...