MITRE ATT&CK Mapping

Zero Day Initiative CVE Mar 9

ZDI-26-172: Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulne...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 6

ZDI-26-160: (Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not require...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 6

ZDI-26-157: (Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 6

ZDI-26-156: (Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required...

T1556 1 IOC

Zero Day Initiative →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass auth...

T1556

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 5

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (AS...

T1556

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 3

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN...

T1556 T1598

Cisco Advisories →

Zero Day Initiative CVE Mar 3

ZDI-26-134: Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authenti...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-129: Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authe...

T1556 1 IOC

Zero Day Initiative →

Recorded Future Zero-Day Microsoft Amazon Feb 24

January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day

January 2026 saw 23 actively exploited CVEs, including APT28’s Microsoft Office zero-day and critical auth bypass flaws impacting enterprise systems.

T1556

Recorded Future →

Zero Day Initiative CVE Feb 19

ZDI-26-111: MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulne...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Ivanti Feb 12

ZDI-26-080: Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Endpoint Manager. Authentication is not required to e...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-077: GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-075: GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this...

T1556 1 IOC

Zero Day Initiative →

PortSwigger Research General Dec 10

The Fragile Lock: Novel Bypasses For SAML Authentication

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: inclu...

T1556

PortSwigger Research →