Topic: unauthenticated attack

  • Critical FortiSIEM Flaw Patched: Remote Code Execution Risk

    A critical, unauthenticated OS command injection vulnerability (CVE-2025-64155) in Fortinet's FortiSIEM platform allows remote attackers to execute arbitrary code and take full control of systems. The flaw, found in the phMonitor service, involves a two-stage attack: unauthenticated argument inje...

  • BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Access Tools

    A critical security flaw (CVE-2026-1731) in BeyondTrust's self-hosted remote access software allows unauthenticated attackers to execute arbitrary OS commands, posing a severe risk of complete system compromise. The vulnerability impacts specific versions of Remote Support and Privileged Remote A...

  • Patch MongoDB Now: Critical Security Alert

    A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB allows unauthenticated attackers to remotely read uninitialized heap memory due to a flaw in the server's zlib compression implementation. The vulnerability impacts a wide range of MongoDB versions, from 3.6 through 8.2.2, and th...

  • Critical RCE Flaw Found in BeyondTrust Remote Support Software

    A critical pre-authentication command injection flaw (CVE-2026-1731) in BeyondTrust's Remote Support and Privileged Remote Access software allows unauthenticated attackers to remotely execute arbitrary commands. The vulnerability, impacting thousands of on-premises instances, requires immediate m...

  • Critical RCE Flaw in Trend Micro Apex Central: Patch Now

    A critical vulnerability (CVE-2025-69258) in Trend Micro's Apex Central console allows unauthenticated attackers to remotely execute malicious code with the highest SYSTEM privileges. The flaw, discovered by Tenable, is exploited by sending a crafted message to a specific port, forcing the system...

  • CISA Warns of Active VMware RCE Attacks

    A critical command injection vulnerability (CVE-2026-22719) in VMware Aria Operations is under active exploitation, allowing unauthenticated attackers to execute arbitrary commands and potentially take full control of systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has m...
