tag
Auth-Bypass
High
PAN-OS GlobalProtect Authentication Bypass via Forged Cookie (CVE-2026-0257)
CVE-2026-0257
Palo Alto Networks PAN-OS — GlobalProtect portal and gateway (also affects certain Prisma Access deployments)
unpatched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523
Ivanti Sentry (formerly MobileIron Sentry)
patched
Critical
Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751)
CVE-2026-50751
Check Point Remote Access VPN / Mobile Access / Spark Firewall
patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706
Microsoft SharePoint Server
patched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574
Next.js App Router with dynamic route segments and middleware-based access control
unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)
Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature)
unpatched
Medium
VMware ESXi Active Directory Authentication Bypass (CVE-2024-37085)
CVE-2024-37085
VMware ESXi hosts joined to Microsoft Active Directory
unpatched
Critical
Palo Alto PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108
Palo Alto Networks PAN-OS management web interface
patched
Critical
Fortinet FortiOS / FortiProxy Authentication Bypass (CVE-2024-55591)
CVE-2024-55591
Fortinet FortiOS/FortiProxy management interfaces
unpatched
Critical
cPanel & WHM Authentication Bypass via Session-File CRLF Injection (CVE-2026-41940)
CVE-2026-41940
cPanel & WHM
patched
Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927
Next.js (Vercel)
patched