Topic: authentication bypass

  • Urgent Patch: Critical Passwordstate Vulnerability Exposed

    A critical security update is required for Passwordstate to address a high-severity vulnerability that allows attackers to bypass authentication and gain administrative control. The flaw involves a manipulated URL targeting the emergency access page, enabling unauthorized access to the administra...

  • Moxa Devices Expose Hard-Coded Credentials (CVE-2025-6950)

    Moxa has urgently patched five critical vulnerabilities in its industrial network devices, including a severe flaw (CVE-2025-6950) that allows remote attackers to take full control without authentication. The vulnerabilities include authentication bypasses and privilege escalations, enabling unau...

  • 60,000 Redis Servers Exposed by Critical Security Flaw

    A critical vulnerability (CVE-2025-49844) in Redis, rated 10.0 in severity, allows attackers to gain full control over servers by exploiting a flaw in the Lua scripting engine that has existed for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...

  • KernelSU v0.5.7 Vulnerability Exposes Android to Root Exploits

    A security flaw in KernelSU 0.5.7 allows attackers to bypass authentication and gain root access on Android devices by exploiting a design flaw in APK file processing. Rooting frameworks like KernelSU often lack robust security measures, leading to vulnerabilities such as inadequate authenticatio...

  • 1,200+ Citrix servers vulnerable to critical auth bypass flaw

    Over 1,200 Citrix NetScaler systems remain vulnerable to CVE-2025-5777, a severe authentication bypass flaw enabling session hijacking and MFA bypass, with potential active exploitation despite Citrix's denial. The flaw, dubbed "Citrix Bleed 2," allows attackers to steal session tokens and creden...

  • Critical Server Vulnerability Actively Exploited - Patch Now!

    A critical 10/10 severity vulnerability in AMI MegaRAC firmware (CVE-2024-54085) allows attackers to bypass authentication and gain full server control via BMCs, putting thousands of systems at risk. Exploits are now active in the wild, enabling attackers to pivot across networks, comprom...

  • Urgent: CISA Warns of Active Attacks on Critical Adobe Flaw

    CISA has issued a critical alert about active exploitation of a maximum-severity vulnerability (CVE-2025-54253) in Adobe Experience Manager, allowing attackers to execute malicious code on unpatched systems. The flaw, discovered by security researchers, enables unauthenticated attackers to bypass...

  • 3,000+ Unpatched NetScaler Devices Vulnerable to CitrixBleed 2

    Over 3,300 Citrix NetScaler systems remain unpatched against CVE-2025-5777 (CitrixBleed 2), exposing organizations to session hijacking and data theft despite available fixes. The flaw allows attackers to bypass authentication, intercept session tokens, and compromise credentials, with active exp...

  • Thousands of Ruckus Networks Devices Vulnerable Due to Unpatched Flaws

    Thousands of Ruckus Networks devices are exposed to critical unpatched vulnerabilities, allowing attackers to take control of enterprise wireless environments. The flaws affect Ruckus Virtual Smart Zone (vSZ) and Ruckus Network Director (RND), enabling risks like hardcoded credentials, authentica...

  • CitrixBleed 2 Vulnerability Actively Exploited

    A critical vulnerability in Citrix NetScaler systems (CVE-2025-5777, CVSS 9.3), dubbed CitrixBleed 2, allows attackers to bypass authentication and compromise user sessions, similar to the 2023 CitrixBleed exploit. Attackers are actively exploiting the flaw, using tactics like MFA bypass, session...

  • Exploit Alert: Critical Adobe Experience Manager Flaw (CVE-2025-54253)

    A critical security flaw (CVE-2025-54253) in Adobe Experience Manager Forms allows unauthenticated attackers to execute remote code, prompting CISA to flag it due to active exploitation. The vulnerability arises from Apache Struts "devMode" being enabled in the administrative interface combined w...

  • Microsoft GoAnywhere Bug Fuels Medusa Ransomware Attacks

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...

  • Urgent: Patch Windows SMB Flaw Being Actively Exploited

    A critical Windows SMB Client vulnerability (CVE-2025-33073) is being actively exploited, allowing attackers to gain SYSTEM-level privileges through a malicious script that compromises SMB connections. Microsoft patched the flaw in June 2025, and CISA has added it to its Known Exploited Vulnerabi...

  • Critical Redis Flaw Exposes Thousands of Instances

    A critical security vulnerability (CVE-2025-49844) in Redis allows authenticated attackers to execute remote code via a use-after-free flaw in Lua scripting, posing a severe risk to systems. The flaw affects a vast number of organizations due to Redis's widespread use in cloud environments, and i...

  • Corporate Streaming Platforms at Risk: Sensitive Data Exposure Looms

    Corporate streaming platforms for sensitive communications often have API vulnerabilities, exposing confidential data like private meetings and strategic discussions, unlike more secure entertainment services. Security researcher Farzan Karimi found that poorly secured APIs can bypass authenticat...
