Topic: unauthenticated attack

  • Critical FortiSIEM Flaw Patched: Remote Code Execution Risk

    A critical, unauthenticated OS command injection vulnerability (CVE-2025-64155) in Fortinet's FortiSIEM platform allows remote attackers to execute arbitrary code and take full control of systems. The flaw, found in the phMonitor service, involves a two-stage attack: unauthenticated argument inje...

  • BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Access Tools

    A critical security flaw (CVE-2026-1731) in BeyondTrust's self-hosted remote access software allows unauthenticated attackers to execute arbitrary OS commands, posing a severe risk of complete system compromise. The vulnerability impacts specific versions of Remote Support and Privileged Remote A...

  • Patch MongoDB Now: Critical Security Alert

    A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB allows unauthenticated attackers to remotely read uninitialized heap memory due to a flaw in the server's zlib compression implementation. The vulnerability impacts a wide range of MongoDB versions, from 3.6 through 8.2.2, and th...

  • Critical RCE Flaw Found in BeyondTrust Remote Support Software

    A critical pre-authentication command injection flaw (CVE-2026-1731) in BeyondTrust's Remote Support and Privileged Remote Access software allows unauthenticated attackers to remotely execute arbitrary commands. The vulnerability, impacting thousands of on-premises instances, requires immediate m...

  • Critical RCE Flaw in Trend Micro Apex Central: Patch Now

    A critical vulnerability (CVE-2025-69258) in Trend Micro's Apex Central console allows unauthenticated attackers to remotely execute malicious code with the highest SYSTEM privileges. The flaw, discovered by Tenable, is exploited by sending a crafted message to a specific port, forcing the system...
