Topic: affected versions
-
Patch Now: Critical MongoDB RCE Flaw Demands Immediate Action
A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB allows unauthenticated attackers to remotely execute code by exploiting a flaw in the zlib compression implementation. Administrators must immediately upgrade to specific patched versions (e.g., MongoDB 8.2.3) or, as a workaround...
-
Critical WatchGuard VPN Flaw Actively Exploited
A critical, actively exploited vulnerability (CVE-2025-14733) in WatchGuard's Fireware OS allows unauthenticated remote attackers to execute arbitrary code on affected systems. The flaw impacts systems using specific IKEv2 VPN configurations, and patches are available for most supported versions,...
-
Critical Security Flaw in Commvault Backup Suite Allows Remote Code Execution
A critical security vulnerability in on-premises Commvault deployments allows unauthenticated attackers to execute remote code by chaining four distinct flaws (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791). These vulnerabilities impact essential components like the Web Serve...
-
BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Access Tools
A critical security flaw (CVE-2026-1731) in BeyondTrust's self-hosted remote access software allows unauthenticated attackers to execute arbitrary OS commands, posing a severe risk of complete system compromise. The vulnerability impacts specific versions of Remote Support and Privileged Remote A...
-
Patch MongoDB Now: Critical Security Alert
A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB allows unauthenticated attackers to remotely read uninitialized heap memory due to a flaw in the server's zlib compression implementation. The vulnerability impacts a wide range of MongoDB versions, from 3.6 through 8.2.2, and th...
-
Urgent: Actively Exploited FortiWeb Flaw Patched (CVE-2025-58034)
A critical OS command injection vulnerability (CVE-2025-58034) in FortiWeb firewalls is being actively exploited, allowing attackers to execute arbitrary commands via manipulated HTTP or CLI requests. The vulnerability affects multiple FortiWeb versions, and organizations must upgrade to patched ...
-
Urgent: NetScaler Zero-Day Exploit Actively Attacked (CVE-2025-7775)
Three critical vulnerabilities have been discovered in Citrix NetScaler ADC and Gateway devices, with CVE-2025-7775 already being actively exploited for remote code execution and denial of service. Citrix has released security updates for affected versions and strongly advises immediate patching,...
-
Critical Fortinet Flaw Actively Exploited by Hackers
A critical, unauthenticated command injection vulnerability (CVE-2025-64155) in FortiSIEM versions 6.7 to 7.5 allows attackers to gain full system control. Active exploitation of this flaw is confirmed, and immediate patching to specified fixed versions or restricting access to TCP port 7900 is u...
-
Critical FortiSIEM Flaw: Exploit Code Now Public
A critical, unauthenticated remote code execution vulnerability (CVE-2025-25256) in Fortinet's FortiSIEM platform allows attackers to gain full administrative control, with public exploit code now available. The flaw resides in the phMonitor service (TCP port 7900), a recurring weak point, and pa...
-
Unpatched Gogs Bug Actively Exploited, CISA Warns
A critical vulnerability (CVE-2025-8110) in the Gogs platform is being actively exploited, allowing authenticated users to achieve remote code execution by overwriting files via a symbolic link flaw. Over 700 Gogs instances have already been compromised, with no official patch yet available, thou...
-
Critical React & Node.js Flaw Patched: Update Now (CVE-2025-55182)
A critical remote code execution vulnerability (CVE-2025-55182) affects React versions 19.0.0 through 19.2.0, requiring an immediate update to version 19.2.1. The flaw involves unsafe deserialization in React Server Components, impacting not only React but also major dependent frameworks like Nex...
-
Unpatched OnePlus Flaw Lets Malicious Apps Send Texts
A security flaw in OnePlus's OxygenOS allows malicious apps to silently read SMS messages and metadata without user permission, posing a significant privacy risk. The vulnerability, CVE-2025-10184, stems from flawed security configurations in modified Android components, enabling blind SQL inject...
-
Urgent: Patch Critical Cisco UCCX Vulnerabilities Now
Cisco has patched two critical vulnerabilities (CVE-2025-20358 and CVE-2025-20354) in its Unified Contact Center Express platform, which could allow attackers to bypass authentication and gain root-level control. CVE-2025-20358 enables unauthenticated attackers to manipulate the login process and...