Home/Tag/Authentication Bypass

Authentication Bypass

12 articles tagged with "Authentication Bypass"

Vulnerabilities4 min read

Ivanti EPM Auth Bypass Now Under Active Exploitation, CISA Warns

CVE-2026-1603 allows unauthenticated attackers to steal credential vaults from Ivanti Endpoint Manager. CISA added it to KEV catalog after exploitation detected.

Marcus ChenMar 11, 2026

Vulnerabilities4 min read

Caddy Server Flaw Lets Users Impersonate Admins

CVE-2026-30851 in Caddy's forward_auth module enables identity injection and privilege escalation. Any valid user can impersonate administrators. Update to 2.11.2.

Marcus ChenMar 8, 2026

Vulnerabilities4 min read

WeGIA Charity Management Platform Exposes Three Critical Flaws

CVE-2026-28408 and related vulnerabilities allow unauthenticated attackers to bypass security, inject data, and execute code on WeGIA servers. Patch to version 3.6.5 immediately.

Marcus ChenFeb 28, 2026

Vulnerabilities3 min read

Vikunja Auth Flaw Lets Attackers Maintain Access After Password Reset

CVE-2026-27575 combines weak password enforcement with persistent sessions in Vikunja, enabling attackers to retain access even after victims change credentials.

Marcus ChenFeb 27, 2026

Vulnerabilities3 min read

SmarterMail Flaw Exploited in Ransomware Attacks

CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.

Marcus ChenFeb 6, 2026

Vulnerabilities3 min read

SolarWinds Web Help Desk Gets Emergency Patches for Four Critical Flaws

Deserialization bugs and authentication bypasses enable unauthenticated RCE. Attackers have targeted WHD vulnerabilities before.

Marcus ChenJan 30, 2026

Vulnerabilities4 min read

Fortinet FortiCloud SSO Zero-Day Exploited to Hijack Firewalls

CVE-2026-24858 allows attackers with FortiCloud accounts to log into other organizations' FortiGate devices. Patches rolling out now.

Marcus ChenJan 28, 2026

Vulnerabilities4 min read

SmarterMail Auth Bypass Lets Attackers Reset Admin Passwords

CVE-2026-23760 enables unauthenticated admin takeover in SmarterMail. Exploitation began two days after patch release.

Marcus ChenJan 27, 2026

Vulnerabilities3 min read

11-Year-Old Telnet Bug Hands Attackers Root Access

CVE-2026-24061 allows remote authentication bypass in GNU InetUtils telnetd. Exploitation activity detected within hours of disclosure.

Marcus ChenJan 24, 2026

Security Guides6 min read

Auth Bypass in Network Appliances: A Pattern Emerges

From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.

Emily ParkJan 10, 2026

Vulnerabilities4 min read

IBM API Connect Auth Bypass Rated CVSS 9.8

CVE-2025-13915 allows remote attackers to bypass authentication without credentials. Affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 used by major banks and airlines.

Marcus ChenJan 1, 2026

Vulnerabilities3 min read

Critical Fortinet FortiGate Auth Bypass Under Active Exploitation

Two critical CVSS 9.8 vulnerabilities in FortiGate devices are being actively exploited just days after patch release. Attackers targeting SSO authentication.

Marcus ChenDec 16, 2025