Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.

A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild, according to the US Cybersecurity and Infrastructure ...

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems. VMware has fixed an uber-severe bug in its ...

There’s proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn’t seen any malicious exploit yet. Cisco has patched a near-max critical bug ...

IBM disclosed a critical CVSS 9.8 authentication bypass in IBM API Connect that could allow remote access; patches are now ...

Fortinet reports active attacks exploiting CVE-2020-12812, a FortiOS SSL VPN flaw that can bypass two-factor authentication in specific LDAP setups.

Two critical SAML‑signature flaws (CVE‑2025‑59718/59719) let attackers bypass SSO across multiple Fortinet products Exploitation began December 12, with intruders pulling config files that expose ...

Okta has addressed an authentication bypass bug that affects those with long usernames or employers with wordy domain names. The security hole could have allowed cybercriminals to pass Okta AD/LDAP ...

Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances ...

Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software (NFVIS) vulnerability with public proof-of-concept (PoC) exploit code. The security flaw ...