authentication bypass
-
Attackers exploiting critical auth-bypass flaw in Service Finder WordPress theme
Security researchers at Wordfence say attackers are actively exploiting CVE-2025-5947, a critical authentication-bypass flaw in the Service Finder WordPress theme that can give attackers administrator access; a patch was released in version 6.1 and administrators are urged to update or stop using the theme.
-
High-severity authentication bypass patched in Passwordstate credential manager, vendor says
Click Studios has released a patch for Passwordstate to fix a high-severity authentication bypass vulnerability that could allow attackers to access the emergency access page and the admin area. The vulnerability affects Passwordstate deployments used by thousands of customers and security professionals, with a CVE identifier not yet assigned. The company has published a forum…
-
Mitel Issues Critical Security Patch for MiVoice MX-ONE Amid Vulnerability Concerns
Mitel Networks has released critical security updates for its MiVoice MX-ONE platform, addressing an authentication bypass vulnerability and a high-severity SQL injection flaw in MiCollab, urging customers to apply patches promptly.
