authorization bypass

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

CVE News

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

Ivanti has issued an urgent patch advisory for two zero-day vulnerabilities (CVE-2025-4427 and CVE-2025-4428) affecting its Endpoint...

Ivanti Neurons for ITSM Critical Authentication Bypass: Patch Now to Mitigate Exploitable Flaws

CVE News

Ivanti Neurons for ITSM Critical Authentication Bypass: Patch Now to Mitigate Exploitable Flaws

Ivanti has issued urgent security updates for its Neurons for ITSM IT service management solution, addressing a...

Exploiting Regex Filter Flaws for Remote Code Execution: Analysis and Mitigation

CVE News

Exploiting Regex Filter Flaws for Remote Code Execution: Analysis and Mitigation

A recent security disclosure highlights how a seemingly robust frontend regex filter in a username field was...

Microsoft Telnet Zero-Click Credential Theft Vulnerability: Technical Analysis and Mitigation

CVE News

Microsoft Telnet Zero-Click Credential Theft Vulnerability: Technical Analysis and Mitigation

A critical zero-click vulnerability in Microsoft’s Telnet Client (telnet.exe) has been identified, allowing attackers to steal Windows...

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

Blue-Team

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

A widespread phishing campaign targeting WooCommerce store owners has been identified, leveraging fabricated security vulnerability alerts to...

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

CVE News

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Security researcher Alessandro Sgreccia (aka “rainpwn”) has disclosed critical vulnerabilities in Zyxel’s USG FLEX-H firewall series, enabling...

Critical Authentication Bypass in Apache Student Study Center Desk Management System (CVE-2023-44752)

CVE News

Critical Authentication Bypass in Apache Student Study Center Desk Management System (CVE-2023-44752)

A critical authentication bypass vulnerability (CVE-2023-44752) has been identified in the Apache Student Study Center Desk Management...

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

CVE News

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

A critical vulnerability (CVE-2025-2764) in CarlinKit CPC200-CCPA devices allows network-adjacent attackers to bypass cryptographic signature checks and...

Critical Authentication Bypass in Fortinet Products (CVE-2022-40684): Analysis and Mitigation

CVE News

Critical Authentication Bypass in Fortinet Products (CVE-2022-40684): Analysis and Mitigation

A critical authentication bypass vulnerability (CVE-2022-40684) affecting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager has been actively exploited since...

compop.ca 3.5.3 Arbitrary Code Execution Vulnerability (CVE-2024-48445)

CVE News

compop.ca 3.5.3 Arbitrary Code Execution Vulnerability (CVE-2024-48445)

A critical vulnerability in compop.ca version 3.5.3 has been disclosed, allowing arbitrary code execution due to an...

WebMethods Integration Server 10.15.0 Vulnerability: Unauthenticated Access to Admin Panel (CVE-2024-23733)

CVE News

WebMethods Integration Server 10.15.0 Vulnerability: Unauthenticated Access to Admin Panel (CVE-2024-23733)

A critical vulnerability in Software AG’s webMethods Integration Server 10.15.0 allows unauthenticated attackers to bypass authentication and...

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Red-Team

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

A newly documented proof-of-concept attack named “Cookie-Bite” demonstrates how malicious Chrome extensions can hijack browser session cookies...

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

CVE News

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

A high-severity vulnerability (CVE-2025-2594) has been identified in the WordPress User Registration & Membership plugin, allowing unauthenticated...

Critical Authentication Bypass in Seclore v3.27.5.0 (CVE-2024-53591)

CVE News

Critical Authentication Bypass in Seclore v3.27.5.0 (CVE-2024-53591)

A critical vulnerability (CVE-2024-53591) has been identified in Seclore v3.27.5.0 that allows attackers to bypass authentication through...

Critical Authentication Bypass in CHOCO TEI WATCHER mini Exposes Industrial Systems

CVE News

Critical Authentication Bypass in CHOCO TEI WATCHER mini Exposes Industrial Systems

A critical vulnerability (CVE-2025-25211) affecting all versions of the CHOCO TEI WATCHER mini (IB-MCT001) industrial monitoring device...

HTCondor Authorization Bypass Vulnerability (CVE-2025-30093): Technical Analysis and Mitigation

CVE News

HTCondor Authorization Bypass Vulnerability (CVE-2025-30093): Technical Analysis and Mitigation

A critical authorization bypass vulnerability in HTCondor, tracked as CVE-2025-30093, has been disclosed, affecting multiple versions of...

High-Severity Missing Authorization Flaw in Shinetheme Traveler WordPress Theme (CVE-2025-26733)

CVE News

High-Severity Missing Authorization Flaw in Shinetheme Traveler WordPress Theme (CVE-2025-26733)

A high-severity vulnerability (CVE-2025-26733) has been identified in the Shinetheme Traveler WordPress theme, affecting versions up to...

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Threat Intelligence

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Recent forensic investigations by Volexity have uncovered a sophisticated attack campaign exploiting two chained zero-day vulnerabilities in...

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Blue-Team

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Discretionary Access Control Lists (DACLs) serve as a fundamental security mechanism governing access to directory...

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

News

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Misconfigured WriteOwner permissions in Active Directory can enable attackers to take ownership of critical objects, bypass security...

Posts pagination

1 2 Next

authorization bypass

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

Ivanti Neurons for ITSM Critical Authentication Bypass: Patch Now to Mitigate Exploitable Flaws

Exploiting Regex Filter Flaws for Remote Code Execution: Analysis and Mitigation

Microsoft Telnet Zero-Click Credential Theft Vulnerability: Technical Analysis and Mitigation

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Critical Authentication Bypass in Apache Student Study Center Desk Management System (CVE-2023-44752)

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

Critical Authentication Bypass in Fortinet Products (CVE-2022-40684): Analysis and Mitigation

compop.ca 3.5.3 Arbitrary Code Execution Vulnerability (CVE-2024-48445)

WebMethods Integration Server 10.15.0 Vulnerability: Unauthenticated Access to Admin Panel (CVE-2024-23733)

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

Critical Authentication Bypass in Seclore v3.27.5.0 (CVE-2024-53591)

Critical Authentication Bypass in CHOCO TEI WATCHER mini Exposes Industrial Systems

HTCondor Authorization Bypass Vulnerability (CVE-2025-30093): Technical Analysis and Mitigation

High-Severity Missing Authorization Flaw in Shinetheme Traveler WordPress Theme (CVE-2025-26733)

Memory Forensics Exposes Ivanti VPN Zero-Day Exploits: A Critical Security Breakdown

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact