24h | 7d | 30d

CVE-2026-35616

Overview

  • Fortinet
  • FortiClientEMS
04 Apr 2026
Published
04 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.03%
KEV

Description

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 10 Posts
  • 6 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

Geopolitical tensions escalate as the Iran War continues, leading to the functional closure of the Strait of Hormuz, severely impacting global energy markets. In cybersecurity, the European Commission confirmed a 300GB data breach on April 4, 2026, stemming from a Trivy supply chain attack. Additionally, critical RCE flaws in Progress ShareFile were reported on April 3, 2026, and an actively exploited FortiClient EMS zero-day (CVE-2026-35616) necessitated urgent hotfixes on April 4, 2026.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 1
  • 0
  • 22h ago
Profile picture fallback
DragonJAR @dragonjar

Fortinet ha corregido una vulnerabilidad crítica que permitía escalada de privilegios y ha sido explotada desde marzo, mientras una campaña rusa de desinformación impacta la seguridad informativa en Argentina y la arquitectura sólida demuestra ser clave para el éxito seguro de la inteligencia artificial empresarial. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 05/04/26 📆 |====

🔒 FORTINET CORRIGE VULNERABILIDAD CRÍTICA CVE-2026-35616

Fortinet ha lanzado un parche para la vulnerabilidad CVE-2026-35616, con una severidad CVSS de 9.1, que ha sido explotada activamente desde marzo de 2026. Esta falla afecta a FortiClient EMS versiones 7.4.5 a 7.4.6 y permite a atacantes escalar privilegios, poniendo en riesgo infraestructuras protegidas por esta solución. Es crucial actualizar cuanto antes para evitar posibles brechas graves en la seguridad corporativa.
Descubre cómo proteger tu sistema y actúa ya aquí 👉 djar.co/taQymi

🌐 INVESTIGACIÓN REVELA CAMPAÑA DE DESINFORMACIÓN RUSA EN ARGENTINA

Un estudio reciente expone una presunta campaña de influencia rusa que habría financiado artículos en medios digitales argentinos con la intención de desacreditar al gobierno local. Esta operación de desinformación pone en evidencia la importancia de fortalecer la alfabetización mediática y la seguridad en la gestión de la información pública. Mantente informado sobre las tácticas usadas en ataques informativos.
Lee el análisis completo y su impacto aquí 👉 djar.co/c4pWDF

🤖 IA EN LA EMPRESA: EL ROL CLAVE DE LA ARQUITECTURA PARA EL ÉXITO

El despliegue efectivo de inteligencia artificial en las empresas ha evolucionado: no solo el modelo de IA importa, sino la arquitectura que lo sustenta. Tras años de inversiones, se reconoce que una infraestructura adecuada es esencial para maximizar resultados, reducir riesgos y escalar soluciones inteligentes con seguridad. Conoce las claves para transformar tu estrategia de IA y obtener verdadero impacto.
Explora las mejores prácticas y casos de éxito aquí 👉 djar.co/WvEdC

  • 0
  • 1
  • 0
  • 7h ago
Profile picture fallback
HackerWorkspace @hackerworkspace

Fortinet CVE-2026-35616 Actively Exploited - Decipher

decipher.sc/2026/04/04/fortine

Read on HackerWorkspace: hackerworkspace.com/article/fo

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

Recent global developments on April 4, 2026:

Geopolitical: Trump challenges NATO's future over "Operation Epic Fury" participation; US-Iran conflict ongoing, Planet Labs withholds satellite images.
Technology: AI breakthroughs include Google DeepMind's Alpha Green for code optimization & OpenAI's GPT-6 on smartphones. Green compute initiatives accelerate.
Cybersecurity: Fortinet zero-day (CVE-2026-35616) exploited; EC suffers Trivy supply chain breach. New polymorphic malware & AI-generated bot threats emerge.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
Claudio C @cktodon

Fortinet corrige una #vulnerabilidad crítica explotada activamente en FortiClient EMS (CVE-2026-35616)

unaaldia.hispasec.com/2026/04/

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS thehackernews.com/2026/04/fort...
  • 1
  • 1
  • 0
  • 9h ago
Profile picture fallback
Best of r/cybersecurity @cybersecurity.page
Fortinet CVE-2026-35616 Actively Exploited as Zero Day
  • 0
  • 1
  • 0
  • 18h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-35616: FortiClient EMS Under Active Attack – Unauthenticated RCE via API Bypass + Video Introduction: FortiClient Enterprise Management Server (EMS) is a centralized management platform for Fortinet’s endpoint security solutions, widely deployed to enforce VPN policies, manage endpoint…
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We fingerprint about 2000 instances globally, see public Dashboard: dashboard.shadowserver.org/statistics/i... Top affected: US & Germany
  • 0
  • 1
  • 0
  • Last hour
Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
Patch info: CVE-2026-35616 (0day reported by Defused Cyber): fortiguard.fortinet.com/psirt/FG-IR-... CVE-2026-21643: fortiguard.fortinet.com/psirt/FG-IR-...
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
66.27%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 2 Posts
  • 6 Interactions
Last activity: 4 hours ago

Bluesky

Profile picture fallback
BleepingComputer @bleepingcomputer.com
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps.
  • 2
  • 3
  • 0
  • 4h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials thehackernews.com/2026/04/hack...
  • 0
  • 1
  • 0
  • 9h ago

CVE-2026-33579

Overview

  • OpenClaw
  • OpenClaw
31 Mar 2026
Published
02 Apr 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.01%
KEV

Description

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.

Statistics

  • 2 Posts
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Hacker News 500 Points @newsyc500.bsky.social
OpenClaw privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579 (http://news.ycombinator.com/item?id=47628608)
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
角 征典/Masanori Kado @kdmsnr.com
🌐OpenClawの権限昇格の脆弱性 https://nvd.nist.gov/vuln/detail/CVE-2026-33579 via #HackerNews
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-21643

Overview

  • Fortinet
  • FortiClientEMS
06 Feb 2026
Published
31 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.07%
KEV

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 3 Posts
  • 2 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
elhacker.NET @elhackernet

Explotación activa de una inyección SQL crítica en Fortinet FortiClient EMS (CVE-2026-21643)

blog.elhacker.net/2026/04/expl

  • 0
  • 1
  • 0
  • 19h ago

Bluesky

Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We fingerprint about 2000 instances globally, see public Dashboard: dashboard.shadowserver.org/statistics/i... Top affected: US & Germany
  • 0
  • 1
  • 0
  • Last hour
Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
Patch info: CVE-2026-35616 (0day reported by Defused Cyber): fortiguard.fortinet.com/psirt/FG-IR-... CVE-2026-21643: fortiguard.fortinet.com/psirt/FG-IR-...
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-70951

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 10 Interactions
Last activity: 2 hours ago

Bluesky

Profile picture fallback
Catalin Cimpanu @campuscodi.risky.biz
There's a new unauth remote code execution bug in the CentOS Control Web Panel web hosting toolkit, tracked as CVE-2025-70951, that will need patching in the coming days fenrisk.com/rce-centos-w...
  • 4
  • 6
  • 1
  • 2h ago

CVE-2025-6514

Overview

  • mcp-remote
09 Jul 2025
Published
09 Jul 2025
Updated
CVSS v3.1
CRITICAL (9.6)
EPSS
1.46%
KEV

Description

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 11 hours ago

Bluesky

Profile picture fallback
r/netsec bot @r-netsec.bsky.social
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
  • 1
  • 1
  • 0
  • 11h ago

CVE-2026-20093

Overview

  • Cisco
  • Cisco Enterprise NFV Infrastructure Software
01 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%
KEV

Description

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Bluesky

Profile picture fallback
Best of r/cybersecurity @cybersecurity.page
Cisco has fixed a critical flaw (CVE-2026-20093) in its IMC, scoring 9.8/10 in severity. This allows attackers to bypass authentication with one HTTP request, gaining full admin access. Affected systems need a firmware update as no workarounds exist. Urgent user audit advised.
  • 1
  • 1
  • 0
  • 19h ago

CVE-2026-5323

Overview

  • priyankark
  • a11y-mcp
02 Apr 2026
Published
03 Apr 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%
KEV

Description

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Upgrading to version 1.0.6 is able to resolve this issue. The patch is identified as e3e11c9e8482bd06b82fd9fced67be4856f0dffc. It is recommended to upgrade the affected component. The vendor acknowledged the issue but provides additional context for the CVSS rating: "a11y-mcp is a local stdio MCP server - it has no HTTP endpoint and is not network-accessible. The caller is always the local user or an LLM acting on their behalf with user approval."

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Bluesky

Profile picture fallback
azu @azu.bsky.social
見てる: "a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function · CVE-2026-5323 · GitHub Advisory Database" https://github.com/advisories/GHSA-prmx-7v35-7q82
  • 0
  • 1
  • 0
  • 18h ago

CVE-2022-2469

Overview

  • GNU
  • GNU SASL
19 Jul 2022
Published
03 Aug 2024
Updated
CVSS v3.1
LOW (3.8)
EPSS
0.07%
KEV

Description

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical Security Update for Ubuntu 22.04 & Fedora Sysadmins A new libpng patch (2025-b9e4e5a954) fixes a GSSAPI OOB read vulnerability (CVE-2022-2469) that could crash your authentication servers. Read more: 👉 tinyurl.com/vs4fxhu5 #Ubuntu #Fedora
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-3445

Overview

  • properfraction
  • Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
04 Apr 2026
Published
04 Apr 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.02%
KEV

Description

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on the `change_plan_sub_id` parameter in the `process_checkout()` function. This makes it possible for authenticated attackers, with subscriber level access and above, to reference another user's active subscription during checkout to manipulate proration calculations, allowing them to obtain paid lifetime membership plans without payment via the `ppress_process_checkout` AJAX action.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity: CVE-2026-3445 in ProfilePress plugin lets subscriber-level users bypass paid memberships via missing authorization in process_checkout(). No patch yet. Restrict privileges & monitor activity. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago
Showing 1 to 10 of 28 CVEs