Security news aggregator

Latest coverage for Unauthenticated

Stay updated on unauthenticated access risks with the latest news and insights in information security. Keep your data safe from unauthorized breaches.

401 headlines in this view

Unauthenticated

Unauthenticated in the context of information security is the state or characteristic where an action or request is performed without proof of identity. This occurs when a system allows access to its resources, data, or services without requiring the user to provide credentials, such as a username and password, or other forms of identification and verification.

In cyber security, unauthenticated access is a significant concern because it can lead to unauthorized disclosure of information, data breaches, and system compromise. Protecting against unauthenticated attacks involves implementing robust authentication mechanisms, access controls, and monitoring systems to detect and prevent unpermitted entry or data retrieval.

Showing 20 most recent headlines of 401 Filtered view

Security Affairs 18 hours, 9 minutes ago

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

More from Security Affairs 3 Jun 2026, 5:03 p.m. CVE-2026-0826 CVE Critical Disclosure Patch Remote Code Execution Root Unauthenticated VoIP

The Hacker News 1 day, 4 hours ago

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation

More from The Hacker News 3 Jun 2026, 6:14 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Unauthenticated Vulnerability

Security Affairs 2 days, 11 hours ago

CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours. WP Maps Pro plugin allows WordPress site owners to embed Google Maps and OpenStreetMap with markers, listings, and location search. It’s a store locator tool. Unremarkable. The plugin is installed on over 15,000 websites, according to sale […]

More from Security Affairs 1 Jun 2026, 11:36 p.m. Incident · 3 stories CVE-2026-8732 Blocked CVE Flaw Google Tools Unauthenticated Wordpress

The Hacker News 1 week ago

Gitea Vulnerability Exposes Private Container Images without Authentication

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials

More from The Hacker News 27 May 2026, 10:06 p.m. Authentication CVE Credentials Disclosure Flaw Open Source Research Unauthenticated Vulnerability

The Hacker News 1 week, 2 days ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks

More from The Hacker News 26 May 2026, 12:02 a.m. Incident · 5 stories CVE-2026-26980 API CVE Critical Disclosure Flaw JavaScript SQL Threat Actor Unauthenticated Vulnerability

Security Affairs 1 week, 4 days ago

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

Bank Info Security 1 week, 5 days ago

RondoDox Botnet Exploits 2018 Flaw in Asus Routers

Botnet Operators Execute First Known Exploit of Nearly Decade-Old FlawOperators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17.

More from Bank Info Security 23 May 2026, 11:00 a.m. Incident · 5 stories Botnet Exploit Flaw Remote Code Execution Root Routers Unauthenticated Vulnerability

The Hacker News 1 week, 5 days ago

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data

More from The Hacker News 22 May 2026, 5:36 p.m. Incident · 3 stories API Authentication CVE Cisco Exploit Flaw Patch Unauthenticated Vulnerability

Dark Reading 2 weeks ago

Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control

An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.

More from Dark Reading 21 May 2026, 4:12 a.m. Incident · 2 stories Critical Exploit Flaw Operational Technology Outage Patch Unauthenticated Vulnerability

Bleeping Computer 2 weeks, 1 day ago

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. [...]

More from Bleeping Computer 20 May 2026, 10:25 a.m. Artificial Intelligence Exposure Flaw Python Unauthenticated Vulnerability

Bank Info Security 2 weeks, 5 days ago

New Cisco SD-WAN Zero-Day Grants Admin Access

Broken vdaemon Peering Authentication Enables Unauthenticated Admin AccessA maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without authentication. The authentication bypass vulnerability stems from a broken peering authentication mechanism.

More from Bank Info Security 16 May 2026, 10:30 a.m. Incident · 4 stories 0-Day Authentication Bypass Cisco Unauthenticated Vulnerability

The Hacker News 2 weeks, 6 days ago

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years

More from The Hacker News 14 May 2026, 6:00 p.m. Incident · 3 stories CVE Critical Disclosure Flaw Remote Code Execution Research Unauthenticated Vulnerability

Bleeping Computer 3 weeks ago

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]

More from Bleeping Computer 14 May 2026, 8:23 a.m. Incident · 3 stories Critical Flaw Open Source Remote Code Execution Unauthenticated Vulnerability

The Hacker News 3 weeks, 3 days ago

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory

More from The Hacker News 11 May 2026, 12:41 a.m. CVE Critical Disclosure Flaw Leak Research Unauthenticated Vulnerability

The Hacker News 3 weeks, 6 days ago

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026

More from The Hacker News 8 May 2026, 1:34 a.m. Incident · 14 stories Authentication CVE Critical Disclosure Exploit Flaw Palo Alto Networks Remote Code Execution Root Threat Actor Unauthenticated Vulnerability

The Hacker News 4 weeks ago

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild

More from The Hacker News 6 May 2026, 6:14 p.m. Incident · 14 stories Authentication CVE Critical Flaw Palo Alto Networks Remote Code Execution Unauthenticated Vulnerability Warning

The Hacker News 4 weeks, 1 day ago

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck

More from The Hacker News 5 May 2026, 11:56 p.m. Incident · 5 stories CVE-2026-29014 CVE Critical Flaw Open Source PHP Remote Code Execution Threat Actor Unauthenticated Vulnerability

The Hacker News 4 weeks, 1 day ago

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild

More from The Hacker News 5 May 2026, 7:37 p.m. Incident · 2 stories CVE-2026-22679 API Automation CVE Critical DevOps Flaw Remote Code Execution Unauthenticated Vulnerability

The Hacker News 1 month ago

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution

More from The Hacker News 28 Apr 2026, 11:18 p.m. Incident · 2 stories CVE Critical Disclosure Flaw Github Open Source Remote Code Execution Research Unauthenticated Vulnerability

The Register 1 month, 2 weeks ago

Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…

More from The Register 16 Apr 2026, 5:52 a.m. Incident · 2 stories Authentication Bypass Critical Fortinet Patch Sandbox Unauthenticated Vulnerability

Loading more headlines...