https://cwe.mitre.org/data/definitions/294.html
CWE - CWE-294: Authentication Bypass by Capture-replay (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
authentication bypass, cwe, capture, replay
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2?ref=thestack.technology
Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass...
firewall management, software authentication, cisco, secure, center
https://www.cert.at/de/aktuelles/2026/4/aktive-ausnutzung-einer-schwerwiegenden-sicherheitslucke-in-cpanel-und-whm
CERT.at Authentication Bypass in cPanel & WHM
authentication bypass, cert, cpanel, whm
https://advisories.gitlab.com/pypi/changedetection.io/CVE-2026-35490/
changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering | GitLab Advisory...
CVE-2026-35490 changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering: On 13 routes across 5 blueprint files, the...
authentication bypass, changedetection, vulnerable
https://www.ncsc.govt.nz/alerts/authentication-bypass-vulnerability-in-cpanel-and-whm/
Authentication bypass vulnerability in cPanel and WHM
The NCSC would like to draw your attention to CVE-2026-41940 affecting cPanel and WHM. We are aware of public proof-of-concept (PoC) code and reports of active...
authentication bypass, vulnerability, cpanel, whm
https://advisories.gitlab.com/golang/github.com/robotsandpencils/go-saml/CVE-2023-48703/
RobotsAndPencils go-saml authentication bypass vulnerability | GitLab Advisory Database (GLAD)
CVE-2023-48703 RobotsAndPencils go-saml authentication bypass vulnerability: RobotsAndPencils go-saml, a SAML client library written in Go, contains an...
saml authentication, go, bypass, vulnerability, gitlab
https://4nuxd.one/cwe/CWE-302
CWE-302: Authentication Bypass by Assumed-Immutable Data | Free CWE Database | 4nuxd
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modi | Explore CWE database,...
authentication bypass, cwe
https://threatprotect.qualys.com/2022/01/18/zoho-manageengine-desktop-central-and-desktop-central-msp-authentication-bypass-vulnerability-cve-2021-44757/
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability...
authentication bypass, zoho, manageengine, desktop, central
https://pentest-tools.com/vulnerabilities-exploits/zoho-manageengine-servicedesk-plus-authentication-bypass_28301
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass (CVE-2021-37415) - Vulnerability &...
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
servicedesk plus, authentication bypass, zoho, manageengine, cve
https://cvefeed.io/vuln/detail/CVE-2019-4993
CVE-2019-4993 - Cisco Authentication Bypass Vulnerability
Nov 7, 2023 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019....
authentication bypass, cve, cisco, vulnerability
https://www.herodevs.com/blog-posts/cve-2026-5795-jetty-authentication-bypass-and-privilege-escalation-jaspiauthenticator
HeroDevs Blog | CVE-2026-5795: Jetty Authentication Bypass and Privilege Escalation...
CVE-2026-5795 is a CVSS 7.4 authentication bypass and privilege escalation vulnerability in Jetty's JASPIAuthenticator. Learn which versions are affected, how...
authentication bypass, herodevs, blog, cve
https://www.cyberkendra.com/2024/11/okta-patches-critical-authentication.html
Okta Patches Critical Authentication Bypass in AD/LDAP Integration - Cyber Kendra
authentication bypass, ldap integration, okta, patches, critical
https://www.exploit-db.com/exploits/49266
Magic Home Pro 1.5.1 - Authentication Bypass - Android webapps Exploit
Dec 16, 2020 - Magic Home Pro 1.5.1 - Authentication Bypass. webapps exploit for Android platform
magic home, authentication bypass, pro, android, webapps
https://cybersecured247.com/fortinet-releases-guidance-to-address-ongoing-exploitation-of-authentication-bypass-vulnerability-cve-2026-24858/
Fortinet Releases Guidance To Address Ongoing Exploitation Of Authentication Bypass Vulnerability...
Jan 28, 2026 - Newly disclosed vulnerability CVE-2026-24858 allows malicious actors with a FortiCloud account and a registered device
authentication bypass, fortinet, releases, guidance, address
https://www.truesec.com/hub/blog/actively-exploited-authentication-bypass-vulnerabilities-in-fortigate-sso
Actively Exploited Authentication Bypass Vulnerabilities in FortiGate SSO - Truesec
Dec 23, 2025 - Fortinet has stated in their latest advisory that FortiCloud SSO login is disabled by default in factory settings. However according to ArcticWolf, when
authentication bypass, actively, exploited, vulnerabilities, fortigate
https://www.clouddefense.ai/cve/2021/CVE-2021-21998
CVE-2021-21998: VMware Carbon Black App Control Authentication Bypass Vulnerability
Learn about CVE-2021-21998 impacting VMware Carbon Black App Control versions 8.0, 8.1, 8.5, and 8.6. An attacker could exploit an authentication bypass flaw...
vmware carbon black, app control, authentication bypass, cve
https://v2-17.kiali.io/news/security-bulletins/kiali-security-001/
KIALI-SECURITY-001 - Authentication bypass using forged credentials | Kiali
Oct 6, 2021 - Description. Disclosure date: March 25, 2020. Affected Releases: 0.4.0 to 1.15.0. Impact Score: 9.4 - AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H. A vulnerability was...
authentication bypass, kiali, security, using, forged
https://ccb.belgium.be/de/advisories/warning-critical-authentication-bypass-moveit-automation-cve-2026-4670-patch-immediately
Warning: Critical authentication bypass in MOVEit Automation (CVE-2026-4670), Patch Immediately! |...
authentication bypass, moveit automation
https://www.codeant.ai/blogs/spring-security-penetration-testing-auth-bypass
Spring Security Penetration Testing: Every Authentication Bypass Pattern Explained
The complete Spring Security penetration testing guide covering web.ignoring() bypasses, filter chain gaps, JWT validation flaws, method security failures,...
security penetration testing, authentication bypass, spring, every, pattern
https://www.sentinelone.com/vulnerability-database/cve-2026-35664/
CVE-2026-35664: Openclaw Authentication Bypass Vulnerability
CVE-2026-35664 is an authentication bypass vulnerability in Openclaw. Learn about its impact, affected versions, and mitigation methods.
authentication bypass, cve, openclaw, vulnerability
https://portal.smartertools.com/community/a88102/smtp-authentication-bypass-by-domain-name-or-email-address.aspx
SMTP Authentication Bypass by domain name or email address
We have a hybrid environment with SmarterMail and Exchange running on Office 365. The emails are forwarded from SM to O365 to the few users th...
smtp authentication, by domain, bypass, name, email
https://www.exploit-db.com/exploits/29709
Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass - Hardware webapps...
Nov 19, 2013 - Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass. CVE-2013-5030 CVE-98335. webapps exploit for Hardware platform
ruckus wireless, access point, authentication bypass, hardware, webapps
https://advisories.gitlab.com/pypi/rdiffweb/CVE-2022-4722/
rdiffweb vulnerable to Authentication Bypass by Primary Weakness | GitLab Advisory Database (GLAD)
CVE-2022-4722 rdiffweb vulnerable to Authentication Bypass by Primary Weakness: In rdiffweb prior to 2.5.5, the username field is not unique to users. This...
authentication bypass
https://portswigger.net/support/using-sql-injection-to-bypass-authentication
Using SQL Injection to Bypass Authentication - PortSwigger
Using SQL Injection to Bypass Authentication In this example we will demonstrate a technique to bypass the authentication of a vulnerable login page using ...
sql injection, using, bypass, authentication, portswigger
https://breachspot.com/news/vulnerabilities/critical-authentication-bypass-vulnerability-discovered-in-vmware-carbon-black-app-controljune-24-2021vmware-has-released-security-updates-addressing-a-significant-vulnerability-in-carbon-black-app/
Critical Authentication Bypass Vulnerability Discovered in VMware Carbon Black App Control June 24,...
Apr 20, 2026 - VMware Addresses Serious Authentication Flaw in Carbon Black App Control
vmware carbon black
https://cyber.netsecops.io/articles/gnu-inetutils-flaw-allows-remote-authentication-bypass-in-telnet-cve-2026-24061/
Critical GNU Inetutils Flaw Allows Root Access via Telnet Authentication Bypass - CyberNetSec.io
Jan 22, 2026 - A critical authentication bypass vulnerability (CVE-2026-24061) in the telnet daemon of GNU Inetutils allows a remote attacker to gain root access to a...
https://cvefeed.io/vuln/detail/CVE-2014-0370
CVE-2014-0370 - Oracle Siebel CRM Clinical Trip Report Authentication Bypass
Apr 29, 2026 - Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability...
oracle siebel, trip report, cve
https://ccnax.com/cookie-theft-demo-bypass-two-factor-authentication-2fa/
Cookie Theft Demo: Bypass Two-Factor Authentication (2FA) - ccnax
Apr 21, 2025 - Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker
two factor authentication, cookie, theft, demo, bypass
https://security.snyk.io/vuln/SNYK-JS-OPENCLAW-15966966
Authentication Bypass Using an Alternate Path or Channel in openclaw | CVE-2026-42432 | Snyk
High severity (7.3) Authentication Bypass Using an Alternate Path or Channel in openclaw | CVE-2026-42432
https://www.exploit-db.com/exploits/41167
KB Login Authentication Script 1.1 - Authentication Bypass - PHP webapps Exploit
Jan 26, 2017 - KB Login Authentication Script 1.1 - Authentication Bypass. webapps exploit for PHP platform
login authentication, kb, script, bypass, php
https://securityexpress.info/mfa-bypass-attacks-how-cybercriminals-evade-multi-factor-authentication/
MFA Bypass Attacks: How Cybercriminals Evade Multi-Factor Authentication - Tech News
May 5, 2025 - Learn about sophisticated Adversary-in-the-Middle (AiTM) attacks that bypass MFA by intercepting credentials and session cookies, and how WebAuthn can help.
multi factor authentication, mfa bypass, attacks, cybercriminals
https://cvefeed.io/vuln/detail/CVE-2020-14595
CVE-2020-14595 - Oracle iLearning Assessment Manager HTTP Authentication Bypass
Nov 21, 2024 - Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager). Supported versions that are affected are 6.1 and 6.1.1....
assessment manager, http authentication, cve, oracle, bypass
https://cvefeed.io/vuln/detail/CVE-2025-68402
CVE-2025-68402 - FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch]
Apr 28, 2026 - FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the length of the nonce was changed from 40 chars to 64. password_verify() is...
https://www.intigriti.com/researchers/blog/bug-bytes/bug-bytes-134-saml-authentication-bypass-rce-in-pypi-lesser-known-xxe-attack-vectors
Bug Bytes #134 - SAML authentication bypass, RCE in PyPI & Lesser known XXE attack vectors
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every...
https://pentest-tools.com/vulnerabilities-exploits/qnap-music-station-540-authentication-bypass_28268
QNAP Music Station 5.4.0 - Authentication Bypass (CVE-2023-45038) - Vulnerability & Exploit...
An improper authentication vulnerability has been reported to affect Music Station.
https://webhosting.today/2026/05/04/cve-2026-41940-live-cpanel-authentication-bypass-active-exploitation-and-what-comes-next/
CVE-2026-41940 Live: cPanel Authentication Bypass, Active Exploitation, and What Comes Next -...
May 4, 2026 - CVE-2026-41940, the cPanel authentication bypass exploited for 64 days before disclosure, bypassed 2FA entirely and exposed approximately 70 million domains...
https://www.samgalope.dev/tag/authentication-bypass/
authentication bypass
authentication, bypass
https://pentest-tools.com/vulnerabilities-exploits/apache-http-server-247-2465-authentication-bypass-vulnerability-windows_28282
Apache HTTP Server 2.4.7 - 2.4.65 Authentication Bypass Vulnerability - Windows (CVE-2025-66200) -...
Apache HTTP Server is prone to an authentication bypass vulnerability.
apache http server
https://stackdiary-stg.website.bairesdev.dev/juniper-releases-emergency-patch-for-critical-authentication-bypass/
Juniper releases emergency patch for critical authentication bypass
Jul 1, 2024 - Juniper Networks, a leading networking equipment manufacturer, has issued an emergency patch to address a critical security flaw in several of its products.
juniper, releases, emergency, patch, critical
https://docs.j7k6.net/bypass-ssh-error-too-many-authentication-failures/
Bypass SSH Error 'Too many authentication failures'
too many, bypass, ssh, error, authentication
https://support.tibco.com/external/article/93539/is-it-possible-to-disable-or-bypass-apik.html
Is it possible to disable or bypass APIKey authentication TIBCO API Exchange Gateway(APIX-G)?
https://cvefeed.io/vuln/detail/CVE-2019-7488
CVE-2019-7488 - SonicWall Email Security Default Password Vulnerability ( Authentication Bypass)
Nov 21, 2024 - A weak default password causes a vulnerability in the SonicWall Email Security appliance, which leads to an attacker gaining access to the appliance database. This vulnerability...
email security, default password, cve, sonicwall
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass...
Apr 29, 2026 - Hello! Yes, it's all a disaster again! Let's get this party started: No comments today, so imagine this: * We wrote something that we find very...
the internet, is falling, cpanel whm, authentication, bypass
https://www.itsecuritynews.info/progress-patches-critical-moveit-automation-bug-enabling-authentication-bypass/
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass - IT Security News
May 4, 2026 - Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication...
moveit automation
https://www.exploit-db.com/exploits/52004
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass - Hardware webapps...
May 4, 2024 - Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass. webapps exploit for Hardware platform
https://www.exploit-db.com/exploits/52307?ref=Cyber_Intelligence_Report_Threat_Feed
WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing - Multiple webapps...
May 29, 2025 - WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing. CVE-2025-4094. webapps exploit for Multiple platform
https://www.thecybersignal.com/tag/multi-factor-authentication-mfa-bypass/
Multi-Factor Authentication (MFA) Bypass
Threat actor techniques to circumvent MFA. Session token theft, real-time phishing proxies, SIM swapping, and SS7-based OTP interception.
multi factor authentication, mfa, bypass
https://iplogger.org/blog/fortinet-blocks-exploited-forticloud-sso-zero-day-until-patch-is-ready/
Fortinet Zero-Day: FortiCloud SSO Authentication Bypass (CVE-2026-24858) Under Active Exploitation
Fortinet mitigates actively exploited FortiCloud SSO zero-day (CVE-2026-24858) by blocking vulnerable devices until patch release.
https://cvefeed.io/vuln/detail/CVE-2011-4585
CVE-2011-4585 - Moodle HTTPS Forced Authentication Bypass
Apr 29, 2026 - login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows...
cve, moodle, https, forced, authentication
https://cert.ug/cisco-sd-wan-authentication-bypass-under-active-exploitation-cve-2026-20128
Cisco SD-WAN Authentication Bypass Under Active Exploitation (CVE-2026-20128) | Uganda National...
https://research.averlon.ai/vulnerability-intelligence/cve/CVE-2026-25660
CVE-2026-25660: Codechecker has an authentication bypass for certain API calls - Averlon...
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the...
https://cxsecurity.com/issue/WLB-2021030139
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass - CXSecurity.com
LiquidWorm has released a new security note: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass