authentication bypass – Threat Note

From Security Week – CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

[[{"value":"Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161. The post CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability appeared first on…

shaikh Saqib April 1, 2025

News

From Cyber Security News – CrushFTP Vulnerability Exploited in Attacks Following PoC Release

Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent…

shaikh Saqib April 1, 2025

News

From Cyber Security News – CrushFTP Vulnerability Exploited to Gain Full Server Access

A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, which affects versions 10.0.0 through…

shaikh Saqib March 31, 2025

News

From The Hacker News – New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

shaikh Saqib March 26, 2025

News

From Security Week – Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover

[[{"value":"A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks. The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover …

shaikh Saqib March 18, 2025

News

From The Hacker News – New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

shaikh Saqib March 18, 2025

News

From Cyber Security News – Kentico Xperience CMS Authentication Bypass Vulnerability Allow Attackers Execute Arbitrary Code Remotely

Researchers discovered critical vulnerabilities in Kentico’s Xperience CMS that could allow attackers to completely compromise affected systems. The vulnerabilities, identified as WT-2025-0006, WT-2025-0007, and WT-2025-0011, can be chained together to…

shaikh Saqib March 17, 2025

News

From Security Week – 8,000 New WordPress Vulnerabilities Reported in 2024

[[{"value":"Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on…

shaikh Saqib March 17, 2025

News

From Cyber Security News – Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication

Two critical authentication bypass vulnerabilities have been discovered in the ruby-saml library, potentially exposing numerous web applications to account takeover attacks. Security researchers from GitHub Security Lab have identified parser…

shaikh Saqib March 14, 2025

News

From Cyber Security News – Apache Pinot Vulnerability Let Attackers Bypass Authentication

A critical security vulnerability (CVE-2024-56325) in Apache Pinot, the open-source distributed OLAP datastore used by LinkedIn, Uber, and Microsoft for real-time analytics, allows unauthenticated attackers to bypass authentication controls and…

shaikh Saqib March 12, 2025

Vulnerabilities

From Cybersecurity Help – Edimax acknowledges exploited vulnerability in IC-7100 cameras, no patch

No security patches or firmware updates will be released because the product was discontinued more than ten years ago. Read More

shaikh Saqib March 11, 2025

News

From Cyber Security News – Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries

Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated…

shaikh Saqib February 24, 2025

News

From Cyber Security News – Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks

Researchers uncovered critical zero-day vulnerabilities in Fluent Bit, a ubiquitous logging utility embedded in cloud infrastructure across major providers like AWS, Google Cloud, and Microsoft Azure. The flaws tracked as…

shaikh Saqib February 24, 2025

News

From Cyber Security News – UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks

Ubiquiti Networks has issued an urgent security advisory addressing five critical vulnerabilities in its UniFi Protect camera ecosystem, including two flaws enabling unauthenticated remote code execution (RCE) attacks. The vulnerabilities,…

shaikh Saqib February 24, 2025

News

From Security Week – Atlassian Patches Critical Vulnerabilities in Confluence, Crowd

[[{"value":"Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira. The post Atlassian Patches Critical Vulnerabilities in Confluence, Crowd appeared first on SecurityWeek."}]] Read…

shaikh Saqib February 20, 2025