Security news aggregator

Latest coverage for Unauthenticated

Stay updated on unauthenticated access risks with the latest news and insights in information security. Keep your data safe from unauthorized breaches.

47 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Unauthenticated

Unauthenticated in the context of information security is the state or characteristic where an action or request is performed without proof of identity. This occurs when a system allows access to its resources, data, or services without requiring the user to provide credentials, such as a username and password, or other forms of identification and verification.

In cyber security, unauthenticated access is a significant concern because it can lead to unauthorized disclosure of information, data breaches, and system compromise. Protecting against unauthenticated attacks involves implementing robust authentication mechanisms, access controls, and monitoring systems to detect and prevent unpermitted entry or data retrieval.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 47 Filtered view

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

More from Security Affairs 3 Jun 2026, 5:03 p.m. CVE-2026-0826 CVE Critical Disclosure Patch Remote Code Execution Root Unauthenticated VoIP

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation

More from The Hacker News 3 Jun 2026, 6:14 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Unauthenticated Vulnerability

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours. WP Maps Pro plugin allows WordPress site owners to embed Google Maps and OpenStreetMap with markers, listings, and location search. It’s a store locator tool. Unremarkable. The plugin is installed on over 15,000 websites, according to sale […]

More from Security Affairs 1 Jun 2026, 11:36 p.m. Incident · 3 stories CVE-2026-8732 Blocked CVE Flaw Google Tools Unauthenticated Wordpress

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges

More from The Hacker News 19 Mar 2026, 1:30 a.m. CVE-2026-32746 CVE Critical Disclosure Flaw Remote Code Execution Research Root Unauthenticated Vulnerability

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023

More from The Hacker News 26 Feb 2026, 7:13 p.m. Actively exploited CVE-2026-20127 0-Day Authentication Bypass CVE Cisco Disclosure Flaw Unauthenticated Vulnerability

Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild

More from The Hacker News 22 Jan 2026, 5:06 p.m. Actively exploited CVE-2026-20045 0-Day CVE Cisco Critical Patch Unauthenticated Vulnerability

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning