Authentication Bypass Archives • Page 9 of 10 • Daily CyberSecurity

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Do Son July 9, 2025

iemens has released a critical security advisory detailing multiple high-severity vulnerabilities affecting SINEC NMS, its flagship network...

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access Phoenix Contact, Critical Vulnerabilities

Phoenix Contact, Critical Vulnerabilities

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access

Do Son July 9, 2025

In a coordinated disclosure with CERT@VDE, Phoenix Contact GmbH & Co. KG has issued an urgent advisory...

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover WAGO Device Sphere, Critical Vulnerability

WAGO Device Sphere, Critical Vulnerability

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover

Do Son July 8, 2025

A coordinated disclosure by CERT@VDE and WAGO has unveiled a devastating vulnerability—CVE-2025-41672—impacting WAGO’s industrial automation platform Device...

ScriptCase Flaws (CVE-2025-47227/47228): Pre-Auth RCE & Admin Takeover Risk for Web Servers, PoC Published ScriptCase RCE, Pre-Auth Vulnerability

ScriptCase Flaws (CVE-2025-47227/47228): Pre-Auth RCE & Admin Takeover Risk for Web Servers, PoC Published

Do Son July 7, 2025

In a recent security advisory, researchers from Synacktiv revealed two chained vulnerabilities in ScriptCase’s Production Environment module—known...

Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs Pilz IndustrialPI, Critical Vulnerabilities

Pilz IndustrialPI, Critical Vulnerabilities

Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

Do Son July 2, 2025

Two critical vulnerabilities recently disclosed by CERT@VDE, in coordination with industrial automation company Pilz, highlight a sobering...

Mitsubishi Electric Air Conditioning Systems Vulnerable to Remote Authentication Bypass (CVSS 9.8) Mitsubishi Electric, Critical Vulnerability

Mitsubishi Electric, Critical Vulnerability

Mitsubishi Electric Air Conditioning Systems Vulnerable to Remote Authentication Bypass (CVSS 9.8)

Do Son June 27, 2025

A newly disclosed critical vulnerability—CVE-2025-3699—affecting a wide range of Mitsubishi Electric air conditioning system models has raised...

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access MICROSENS NMP Web+, Critical Vulnerabilities

MICROSENS NMP Web+, Critical Vulnerabilities

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access

Do Son June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning users of multiple high-impact...

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models MFP Vulnerabilities, Printer Security

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models

Do Son June 26, 2025

In a major coordinated disclosure, Rapid7 has unveiled a disturbing set of vulnerabilities affecting a wide range...

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software ControlID iDSecure, Access Control Vulnerabilities

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Do Son June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk advisory on three newly discovered vulnerabilities...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Do Son June 26, 2025

Quest Software has released urgent security hotfixes addressing four newly discovered vulnerabilities in its KACE Systems Management...

From Bypass to Root: Mandiant Red Team Exploits CVE-2025-2171 and CVE-2025-2172 in Aviatrix Cloud Controller

Do Son June 24, 2025

Mandiant successfully breached a fully patched instance of the Aviatrix Controller—a central component in Software-Defined Networking (SDN)...

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways KAON Wi-Fi Gateway, Authentication Bypass

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

Do Son June 19, 2025

A critical vulnerability has been disclosed in KAON’s KCM3100 Wi-Fi gateway devices that could allow attackers to...

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass

Do Son June 17, 2025

Gamers and PC enthusiasts relying on ASUS Armoury Crate to manage their high-performance systems are urged to...

Critical Teleport Flaw (CVSS 9.8): Remote Authentication Bypass Threatens Infrastructure Access Teleport Vulnerability, Remote Authentication Bypass

Teleport Vulnerability, Remote Authentication Bypass

Critical Teleport Flaw (CVSS 9.8): Remote Authentication Bypass Threatens Infrastructure Access

Do Son June 17, 2025

Teleport, a leading platform for secure infrastructure access, has disclosed a critical remote authentication bypass vulnerability—tracked as...

CVE-2025-41646: Critical Authentication Bypass in RevPi Webstatus Threatens Industrial Systems RevPi Webstatus, Authentication Bypass

CVE-2025-41646: Critical Authentication Bypass in RevPi Webstatus Threatens Industrial Systems

Do Son June 10, 2025

KUNBUS has issued a critical security advisory for its RevPi Webstatus application following the discovery of an...

Critical 9.8 CVSS Authentication Bypass in HPE StoreOnce Software HPE StoreOnce, Authentication Bypass

Critical 9.8 CVSS Authentication Bypass in HPE StoreOnce Software

Do Son June 3, 2025

Hewlett Packard Enterprise (HPE) has issued a security bulletin detailing multiple severe vulnerabilities in its StoreOnce Software,...

Critical 10.0 CVSS Flaws Found in Netwrix Directory Manager v11 – Patch Immediately! Netwrix, Directory Manager Vulnerabilities

Critical 10.0 CVSS Flaws Found in Netwrix Directory Manager v11 – Patch Immediately!

Do Son May 31, 2025

Netwrix, a provider of identity governance and access management solutions, has issued a critical security advisory warning...

Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise Weidmueller vulnerability Industrial switch hack

Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise

Do Son May 28, 2025

Weidmueller Interface GmbH & Co. KG, a global manufacturer of industrial connectivity and automation solutions, has disclosed...

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor (PoC Included) NETGEAR, Authentication Bypass

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor (PoC Included)

Do Son May 23, 2025

A newly disclosed and highly critical vulnerability, tracked as CVE-2025-4978 with a CVSSv4 score of 9.3, has...

Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks Versa Concerto exploit, SD-WAN security

Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks

Do Son May 22, 2025

Versa Concerto, a popular SD-WAN and network orchestration platform used by large enterprises and governments, is under...