Home/Tag/Authentication Bypass

Authentication Bypass

8 articles tagged with "Authentication Bypass"

Vulnerabilities3 min read

SmarterMail Flaw Exploited in Ransomware Attacks

CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.

Marcus ChenFeb 6, 2026

Vulnerabilities3 min read

SolarWinds Web Help Desk Gets Emergency Patches for Four Critical Flaws

Deserialization bugs and authentication bypasses enable unauthenticated RCE. Attackers have targeted WHD vulnerabilities before.

Marcus ChenJan 30, 2026

Vulnerabilities4 min read

Fortinet FortiCloud SSO Zero-Day Exploited to Hijack Firewalls

CVE-2026-24858 allows attackers with FortiCloud accounts to log into other organizations' FortiGate devices. Patches rolling out now.

Marcus ChenJan 28, 2026

Vulnerabilities4 min read

SmarterMail Auth Bypass Lets Attackers Reset Admin Passwords

CVE-2026-23760 enables unauthenticated admin takeover in SmarterMail. Exploitation began two days after patch release.

Marcus ChenJan 27, 2026

Vulnerabilities3 min read

11-Year-Old Telnet Bug Hands Attackers Root Access

CVE-2026-24061 allows remote authentication bypass in GNU InetUtils telnetd. Exploitation activity detected within hours of disclosure.

Marcus ChenJan 24, 2026

Security Guides6 min read

Auth Bypass in Network Appliances: A Pattern Emerges

From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.

Emily ParkJan 10, 2026

Vulnerabilities4 min read

IBM API Connect Auth Bypass Rated CVSS 9.8

CVE-2025-13915 allows remote attackers to bypass authentication without credentials. Affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 used by major banks and airlines.

Marcus ChenJan 1, 2026

Vulnerabilities3 min read

Critical Fortinet FortiGate Auth Bypass Under Active Exploitation

Two critical CVSS 9.8 vulnerabilities in FortiGate devices are being actively exploited just days after patch release. Attackers targeting SSO authentication.

Marcus ChenDec 16, 2025