PgBouncer has a serious authentication-path vulnerability—CVE-2025-12819—that can let an unauthenticated client execute arbitrary SQL during the authentication process by supplying a crafted search_path parameter in the StartupMessage; the bug affects PgBouncer releases prior to 1.25.1 and was...
Microsoft’s Security Update Guide lists CVE-2025-53778 as an improper authentication vulnerability in the Windows NTLM implementation that can allow an authorized attacker to elevate privileges over a network, and administrators should treat it as a high-priority authentication risk until every...
Semperis researchers have identified a critical design flaw in Windows Server 2025's delegated Managed Service Accounts (dMSAs), termed the "Golden dMSA" vulnerability. This flaw allows attackers to achieve persistent, undetected access to managed service accounts, potentially exposing resources...
active directory
authentication vulnerability
brute force
credential management
cyber defense
cyberattack prevention
cybersecurity
dmsa vulnerability
enterprise security
golden dmsa
identity management
kds key management
kds root key
lateral movement
managed service accounts
privilege escalation
security best practices
security simulation tools
windows server 2025
zero trust
Improper authentication in Microsoft Dataverse has come under renewed scrutiny with the newly identified CVE-2025-24053 vulnerability. In this case, an authorized user – someone who otherwise has legitimate access – could manipulate authentication flaws to gain elevated privileges over a...
In today's deep dive into Windows security, we turn our attention to a newly disclosed threat: CVE-2025-24054—an NTLM hash disclosure spoofing vulnerability. This flaw, stemming from the external control of file names or paths in Windows NTLM, can allow an unauthorized attacker to perform...
In a recent update from Microsoft's Security Response Center (MSRC), a new vulnerability—CVE-2025-21350—has emerged, specifically targeting Windows Kerberos authentication. Though details remain sparse, with only an “Information published” note on the official MSRC update guide, early indications...
On November 12, 2024, Microsoft disclosed a significant security vulnerability identified as CVE-2024-43451. This flaw, categorized under the NTLM (NT LAN Manager) security protocol, poses a serious risk of hash disclosure spoofing. As Windows users, it's essential to understand what this means...
CVE-2024-38254: Understanding the Windows Authentication Information Disclosure Vulnerability and Its Implications for Users
In the ever-evolving landscape of cybersecurity, Microsoft has become a primary target for scrutiny from malicious actors and vigilant defenders alike. The recent...
The cybersecurity landscape continuously evolves, necessitating vigilant monitoring and remediation of vulnerabilities. One significant vulnerability that has come to light is CVE-2024-35255, affecting Azure Identity Libraries and Microsoft Authentication Library. This vulnerability presents an...