Hackers exploit critical auth bypass in Gitea Docker image
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to imperson...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
110 articles found
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to imperson...
The vulnerability stems from an insecure default configuration in Gitea's official Docker images (versions prior to 1.26.
Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software. The post Palo Al...
The U.S.
Attackers are exploiting a critical Gitea flaw (CVE-2026-20896) that bypasses authentication with a single HTTP header, exposing repositories and sensitive d...
BeyondTrust has disclosed multiple critical and high-severity vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) appliances...
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if su...
Discuz! X5.
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to ...
JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and u...
The Apache Software Foundation has disclosed two security vulnerabilities in Apache Tomcat that can lead to authentication bypass and improper enforcement of...
U.S.
The disclosed exploits include a critical pre-authentication remote code execution vulnerability in libssh2 (CVE-2026-55200) and an authentication bypass vul...
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assign...
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported m...
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48558 SimpleHel...
Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl. Curl maintainers...
This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to explo...
This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to explo...