Skip to main content

Tag: unauthenticated attacks

12 articles

Laptop on a minimalist desk with a potted plant and stack of paper in soft natural light.

WordPress Discloses Core Flaw Enabling Unauthenticated Code Execution

WordPress has patched a critical flaw that allowed hackers to execute code remotely without authentication, releasing versions 6.9.5 and 7.0.2 to fix the vulnerability. The update addresses a REST API batch-route confusion and SQL injection issue that could be triggered by a simple HTTP request.

Analyst 207
Dimly lit workspace with scattered notes and empty coffee cups, hinting at unease.

Cordyceps Flaws Compromise 300+ GitHub Repositories

A newly discovered flaw, dubbed Cordyceps, has left over 300 GitHub repositories vulnerable to exploitation by unauthenticated users, allowing for code execution, credential theft, and supply-chain compromise. This critical weakness can be easily exploited, putting countless open-source projects at risk.

Analyst 207
Blurred laptop screen and server rack in a brightly-lit workstation setting.

Attackers Exploit Langflow Path Traversal Flaw in Active Attacks

A single, unauthenticated request is all it takes to exploit a high-severity flaw in Langflow, a popular AI development platform, allowing attackers to write arbitrary files to its filesystem. This is made possible by a path traversal vulnerability, CVE-2026-5027, which can be easily triggered due to Langflow's default unauthenticated auto-login feature.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room with a highlighted server in the foreground.

LiteLLM Flaw Exploited in Wild, Enables Unauthenticated RCE

A high-severity flaw in BerriAI's LiteLLM, known as CVE-2026-42271, has been actively exploited, allowing unauthenticated users to execute commands remotely. This critical vulnerability affects LiteLLM versions 1.74.2 to 1.83.7 and has been deemed a major security risk.

Analyst 207
Rows of computer servers and equipment in a brightly-lit server room, with a central Oracle WebLogic Server device on a rack.

CISA Warns of Actively Exploited Oracle WebLogic Server Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm on a highly exploitable Oracle WebLogic Server vulnerability, CVE-2024-21182, that's being actively targeted by threat actors. Over 1,592 vulnerable servers are currently exposed online, making it a pressing concern for organizations to patch up ASAP.

Analyst 207
Person typing on laptop with blurred map interface on screen, symbolizing WordPress site security breach.

Hackers Exploit WP Maps Pro Bug to Hijack WordPress Sites

In just 24 hours, over 3,600 hacking attempts were made to exploit a critical flaw in the WP Maps Pro plugin, allowing attackers to create admin accounts and log in without a password. This vulnerability, affecting version 6.1.0 and older, puts countless WordPress sites at risk.

Analyst 207
Server room with rows of equipment, one server prominently displayed in foreground.

Gogs Zero-Day Flaw Enables Remote Code Execution on Exposed Servers

A zero-day flaw in Gogs, a self-hosted Git service, leaves exposed servers vulnerable to remote code execution - and it's surprisingly easy for attackers to exploit, as they can create an account and repository on default-configured instances. This critical-severity vulnerability affects the latest release versions and requires only an authenticated user without admin privileges to launch an attack.

Analyst 207
Blurred container image on a pallet with a laptop showing a container registry in the background.

Gitea Flaw Exposes Private Container Images to Unauthenticated Attacks

A newly disclosed vulnerability in Gitea, tracked as CVE-2026-27771, allows unauthenticated attackers to access private container images, potentially exposing tens of thousands of deployments worldwide. This flaw lets anyone on the internet pull private images without needing an account, password, or credentials.

Analyst 207
Laptop on student desk shows login screen in bright campus library setting.

KnowledgeDeliver LMS Flaw Exploited to Deploy Malware

A security flaw in the KnowledgeDeliver LMS, known as CVE-2026-5426, was exploited by a threat actor to inject malicious code and infect users visiting the site. This vulnerability was caused by a predictable secret in the system's web.config file, allowing attackers to execute remote code.

Analyst 207
A computer workstation with a laptop and large monitor sits in a university computer lab or corporate training room.

Mandiant Exposes KnowledgeDeliver Vulnerability via ViewState Deserialization

A critical vulnerability, CVE-2026-5426, was discovered in KnowledgeDeliver installations, allowing unauthenticated remote code execution across multiple customer sites due to identical ASP.NET machineKey values. This widespread flaw was caused by a standardized web.config with hardcoded keys, used across deployments, leaving sites vulnerable to attack.

Analyst 207
Server room with web server hardware exposed, conveying vulnerability.

NGINX Flaw Enables Unauthenticated Remote Code Execution

A critical 18-year-old vulnerability, known as NGINX Rift, has been discovered in NGINX Plus and NGINX Open Source, allowing unauthenticated attackers to remotely execute code with a single crafted HTTP request. This high-severity flaw, rated 9.2 on the CVSS v4 scale, poses a significant threat to vulnerable servers.

Analyst 207
Brightly-lit industrial server room with a generic controller on the wall.

Hackers Exploit Weaver E-cology Bug in Targeted Attacks

Hackers are taking advantage of a critical bug in Weaver E-cology, using an exposed debug API endpoint to execute system commands on vulnerable servers without needing login credentials. This security flaw, tracked as CVE-2026-22679, affects Weaver E-cology 10.0 builds prior to March 12.

Analyst 207