Tag: improper access control
4 articles

CISA Mandates Patching of Joomla Plugin Flaw by Friday
Don't wait until it's too late: CISA is requiring federal agencies to patch a critical Joomla plugin flaw by Friday, because attackers can exploit it to upload and execute malicious PHP code. The vulnerability, found in the Widget Factory Joomla Content Editor, allows unauthenticated users to create new editor profiles, which poses a significant security risk.

CISA Warns of Actively Exploited Joomla Flaw Enabling PHP Code Execution
A critical Joomla flaw, tracked as CVE-2026-48907, is being actively exploited, allowing attackers to upload and execute PHP code - and the US Cybersecurity and Infrastructure Security Agency (CISA) is warning users to take immediate action. A patch is available in version 2.9.99.5 of the Widget Factory Joomla Content Editor.

Ubiquiti Fixes Maximum-Severity UniFi OS Flaws
Ubiquiti has patched three critical vulnerabilities in UniFi OS that left nearly 100,000 Internet-exposed endpoints, including 50,000 in the US, open to remote attacks without requiring login credentials. The fixes address severe flaws that could allow unauthorized system changes, file access, and even command injection.

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator
Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and urges users to update to versions 6.5.7, 6.6.9, or 8.0.3 to stay secure.