Monthly
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Authentication bypass in VillaTheme's Abandoned Cart Recovery for WooCommerce (versions through 1.1.12) allows unauthenticated remote attackers to access protected functionality via an alternate authentication path or channel (CWE-288). The CVSS vector confirms network-reachable, zero-complexity exploitation requiring no privileges or user interaction, yielding partial confidentiality and integrity compromise. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated nature elevate practical risk for any WooCommerce store running this plugin.
Authentication bypass in the Metagauss ProfileGrid WordPress plugin (versions up to and including 5.9.9.6) lets remote unauthenticated attackers abuse the password recovery flow as an alternate channel to hijack arbitrary user accounts, including administrators. Because the flaw is exploitable over the network with no privileges and no user interaction (CVSS 7.5, I:H), it enables full account takeover on affected WordPress sites. No public exploit is identified at time of analysis and it is not in CISA KEV, but the low attack complexity makes it an attractive target once details circulate.
Authentication bypass in the miniOrange OAuth Single Sign On - SSO (OAuth Client) WordPress plugin (versions up to and including 38.5.8) lets remote unauthenticated attackers abuse an alternate authentication path in the password-recovery flow to log in as arbitrary users, including administrators. Rated CVSS 9.8, the flaw grants full account takeover without credentials or user interaction; there is no public exploit identified at time of analysis, but the plugin's SSO role and low attack complexity make it a high-value target.
Kiosk restriction bypass in the Code 27 Companion Hub allows an attacker with physical device access to perform a factory reset that completely circumvents the kiosk protection mechanism, granting full control over the device. The flaw (CWE-288) represents a protection mechanism failure where an alternate path - the factory reset function - is not gated by the same access controls as the restricted kiosk environment. A publicly available proof-of-concept exploit exists on GitHub, and while SSVC rates exploitation status as none and EPSS sits at 0.21% (11th percentile), the availability of working exploit code lowers the barrier for opportunistic physical-access attacks.
Authentication bypass in MicroRealEstate (open-source property/real-estate management platform) through version 1.0.0-alpha3 lets remote unauthenticated attackers brute-force the One-Time Password (OTP) login flow to authenticate as any user. Because the OTP tokens are not tracked in server-side state, codes are not invalidated or rate-limited across attempts, collapsing the effective keyspace and enabling account takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authentication bypass in the default SFTP server component shared across Ciena's 6500 S-Series, 6500 T-Series, PTS, and CPL packet-optical transport platforms allows a remote, unauthenticated attacker to reach the underlying filesystem and read or modify system files. Rated CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and classified as CWE-288, the flaw undermines the primary access control on management-plane file transfer. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Cross-tenant consent leakage in WSO2 Identity Server and WSO2 API Manager multi-tenant deployments lets a SaaS application in one tenant inherit OAuth/OpenID consent that a user granted to a same-named application in a different tenant, breaking tenant isolation of authorization scopes. Because matching is done by application name rather than a tenant-scoped identifier, an application in attacker-controlled tenant B can read and modify a victim's data in tenant A without that user's explicit authorization. No active exploitation is reported (not in CISA KEV, EPSS 0.15%/4th percentile) and no public exploit is identified, but a vendor patch is available.
Authentication bypass in the Wikimedia Foundation's WikiLambda extension for MediaWiki allows unauthenticated remote attackers to circumvent access controls via improper neutralization of input terminator characters (CWE-288). Affected are all WikiLambda deployments running versions prior to 1.43.9, 1.44.6, and 1.45.4 across the supported MediaWiki release branches. No public exploit or CISA KEV listing has been identified at time of analysis, though the network-accessible, zero-prerequisite attack vector warrants prompt patching.
Authentication bypass in the Delta Electronics AS228T programmable logic controller allows remote attackers to circumvent authentication controls and gain unauthorized access to controller functions over the network, threatening the integrity and availability of the industrial process it governs. The CVSS 3.1 base score is 7.4 (High), driven by high integrity and availability impact (I:H/A:H) with no confidentiality loss, but tempered by high attack complexity (AC:H). At the time of analysis there is no public exploit identified and the flaw is not listed in CISA KEV; no EPSS value was supplied.
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Authentication bypass in VillaTheme's Abandoned Cart Recovery for WooCommerce (versions through 1.1.12) allows unauthenticated remote attackers to access protected functionality via an alternate authentication path or channel (CWE-288). The CVSS vector confirms network-reachable, zero-complexity exploitation requiring no privileges or user interaction, yielding partial confidentiality and integrity compromise. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated nature elevate practical risk for any WooCommerce store running this plugin.
Authentication bypass in the Metagauss ProfileGrid WordPress plugin (versions up to and including 5.9.9.6) lets remote unauthenticated attackers abuse the password recovery flow as an alternate channel to hijack arbitrary user accounts, including administrators. Because the flaw is exploitable over the network with no privileges and no user interaction (CVSS 7.5, I:H), it enables full account takeover on affected WordPress sites. No public exploit is identified at time of analysis and it is not in CISA KEV, but the low attack complexity makes it an attractive target once details circulate.
Authentication bypass in the miniOrange OAuth Single Sign On - SSO (OAuth Client) WordPress plugin (versions up to and including 38.5.8) lets remote unauthenticated attackers abuse an alternate authentication path in the password-recovery flow to log in as arbitrary users, including administrators. Rated CVSS 9.8, the flaw grants full account takeover without credentials or user interaction; there is no public exploit identified at time of analysis, but the plugin's SSO role and low attack complexity make it a high-value target.
Kiosk restriction bypass in the Code 27 Companion Hub allows an attacker with physical device access to perform a factory reset that completely circumvents the kiosk protection mechanism, granting full control over the device. The flaw (CWE-288) represents a protection mechanism failure where an alternate path - the factory reset function - is not gated by the same access controls as the restricted kiosk environment. A publicly available proof-of-concept exploit exists on GitHub, and while SSVC rates exploitation status as none and EPSS sits at 0.21% (11th percentile), the availability of working exploit code lowers the barrier for opportunistic physical-access attacks.
Authentication bypass in MicroRealEstate (open-source property/real-estate management platform) through version 1.0.0-alpha3 lets remote unauthenticated attackers brute-force the One-Time Password (OTP) login flow to authenticate as any user. Because the OTP tokens are not tracked in server-side state, codes are not invalidated or rate-limited across attempts, collapsing the effective keyspace and enabling account takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authentication bypass in the default SFTP server component shared across Ciena's 6500 S-Series, 6500 T-Series, PTS, and CPL packet-optical transport platforms allows a remote, unauthenticated attacker to reach the underlying filesystem and read or modify system files. Rated CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and classified as CWE-288, the flaw undermines the primary access control on management-plane file transfer. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Cross-tenant consent leakage in WSO2 Identity Server and WSO2 API Manager multi-tenant deployments lets a SaaS application in one tenant inherit OAuth/OpenID consent that a user granted to a same-named application in a different tenant, breaking tenant isolation of authorization scopes. Because matching is done by application name rather than a tenant-scoped identifier, an application in attacker-controlled tenant B can read and modify a victim's data in tenant A without that user's explicit authorization. No active exploitation is reported (not in CISA KEV, EPSS 0.15%/4th percentile) and no public exploit is identified, but a vendor patch is available.
Authentication bypass in the Wikimedia Foundation's WikiLambda extension for MediaWiki allows unauthenticated remote attackers to circumvent access controls via improper neutralization of input terminator characters (CWE-288). Affected are all WikiLambda deployments running versions prior to 1.43.9, 1.44.6, and 1.45.4 across the supported MediaWiki release branches. No public exploit or CISA KEV listing has been identified at time of analysis, though the network-accessible, zero-prerequisite attack vector warrants prompt patching.
Authentication bypass in the Delta Electronics AS228T programmable logic controller allows remote attackers to circumvent authentication controls and gain unauthorized access to controller functions over the network, threatening the integrity and availability of the industrial process it governs. The CVSS 3.1 base score is 7.4 (High), driven by high integrity and availability impact (I:H/A:H) with no confidentiality loss, but tempered by high attack complexity (AC:H). At the time of analysis there is no public exploit identified and the flaw is not listed in CISA KEV; no EPSS value was supplied.