PROBABLYPWNED
Home/Tag/Authentication Bypass

Authentication Bypass

34 articles tagged with "Authentication Bypass"

Oracle E-Business CVE-2026-46817 Under Active Attack—CVSS 9.8
Vulnerabilities3 min read

Oracle E-Business CVE-2026-46817 Under Active Attack—CVSS 9.8

Critical authentication bypass in Oracle Payments (CVE-2026-46817) is being actively exploited. Over 900 vulnerable instances exposed online, with attackers achieving system takeover via unauthenticated HTTP requests.

Marcus ChenJul 6, 2026
Cisco Webex SSO Flaw Let Attackers Impersonate Any User
Vulnerabilities4 min read

Cisco Webex SSO Flaw Let Attackers Impersonate Any User

CVE-2026-20184 (CVSS 9.8) in Cisco Webex Services allowed unauthenticated attackers to impersonate any user through SSO certificate validation bypass. Cloud service already patched.

Vulnerability DeskApr 22, 2026
FortiSandbox Auth Bypass and RCE Flaws Score CVSS 9.1
Vulnerabilities3 min read

FortiSandbox Auth Bypass and RCE Flaws Score CVSS 9.1

Fortinet patches two critical FortiSandbox vulnerabilities allowing unauthenticated attackers to bypass authentication and execute code. Upgrade to 4.4.9 or 5.0.6 immediately.

Vulnerability DeskApr 18, 2026
Quest KACE SMA CVSS 10.0 Flaw Exploited in the Wild
Vulnerabilities3 min read

Quest KACE SMA CVSS 10.0 Flaw Exploited in the Wild

Attackers exploiting CVE-2025-32975 authentication bypass in Quest KACE to hijack admin accounts and deploy credential harvesters. Patched in May 2025—many remain exposed.

Vulnerability DeskMar 24, 2026
Caddy Server Flaw Lets Users Impersonate Admins
Vulnerabilities4 min read

Caddy Server Flaw Lets Users Impersonate Admins

CVE-2026-30851 in Caddy's forward_auth module enables identity injection and privilege escalation. Any valid user can impersonate administrators. Update to 2.11.2.

Vulnerability DeskMar 8, 2026
SmarterMail Flaw Exploited in Ransomware Attacks
Vulnerabilities3 min read

SmarterMail Flaw Exploited in Ransomware Attacks

CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.

Vulnerability DeskFeb 6, 2026
Auth Bypass in Network Appliances: A Pattern Emerges
Security Guides6 min read

Auth Bypass in Network Appliances: A Pattern Emerges

From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.

ProbablyPwned Editorial TeamJan 10, 2026
IBM API Connect Auth Bypass Rated CVSS 9.8
Vulnerabilities4 min read

IBM API Connect Auth Bypass Rated CVSS 9.8

CVE-2025-13915 allows remote attackers to bypass authentication without credentials. Affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 used by major banks and airlines.

Vulnerability DeskJan 1, 2026