PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration fra...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1556 — Modify Authentication Process (Credential Access)
Clear filter53 articles found
PraisonAI vulnerability gets scanned within 4 hours of disclosure
A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours aft...
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonA...
[webapps] ePati Antikor NGFW 2.0.1301 - Authentication Bypass
ePati Antikor NGFW 2.0.
200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin
On May 8, 2026, PRISM, Wordfence Threat Intelligence’s autonomous vulnerability research platform, discovered a critical Authentication Bypass vulnerability ...
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager...
cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a hi...
Cisco Identity Services Engine Authentication Bypass Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages t...
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication by...
ABB Edgenius Management Portal
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to send a specially crafted message to the system node allowing the a...
[webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit
FUXA 1.2.
CVE-2026-41940: cPanel & WHM Authentication Bypass
Overview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel...
ZDI-26-300: Flowise AccountService resetPassword Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vuln...
ZDI-26-298: Siemens SINEC NMS Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit...
Cisco Secure Web Appliance Authentication Bypass Vulnerability
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacke...
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.
ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit ...
Cisco Integrated Management Controller Authentication Bypass Vulnerability
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypas...
ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not requ...
ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this v...