Overview

  • Fortinet
  • FortiClientEMS

04 Apr 2026
Published
06 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.03%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 17 Posts
  • 4 Interactions

Last activity: 2 hours ago

Fediverse


An advanced AI has detected more than 500 zero-day vulnerabilities in open source software, while Fortinet patches a critical exploited flaw in FortiClient EMS; in addition, flaws are revealed in Chrome WebGL GPU memory, in curl wrappers, and in MB Connect Line industrial systems, putting key infrastructure at risk. Discover these and more details in the following list of information security news:

🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 06/04/26 📆 |====

🔍 AI DISCOVERS MORE THAN 500 ZERO-DAY VULNERABILITIES IN OPEN SOURCE SOFTWARE

An advanced artificial intelligence identified more than 500 zero-day vulnerabilities in widely used open source software, including critical flaws that allow attackers to compromise devices through sophisticated deception. This finding underscores the urgent need to strengthen security in community projects and the importance of integrating AI into security audits. Learn the details and impact of this research 👉 djar.co/RBFJr

🛡️ FORTINET FIXES SERIOUS, ACTIVELY EXPLOITED FLAW IN FORTICLIENT EMS

Fortinet released critical patches to fix the CVE-2026-35616 vulnerability in its FortiClient EMS product, which was being exploited in real attacks. The flaw allowed attackers to execute malicious code remotely, putting the security infrastructure of multiple organizations at risk. It is vital to update immediately to avoid compromise. Find out here how to protect your systems 👉 djar.co/Uj8Xsj

⚠️ GPU MEMORY VULNERABILITY IN ANGLE AFFECTS CHROME WEBGL

A vulnerability was detected in ANGLE, a key component for WebGL graphics acceleration in Chrome, where uninitialized GPU memory can leak sensitive information. This flaw could be exploited to obtain confidential data through specific exploitation techniques. Stay informed about this threat and how to mitigate it in time 👉 djar.co/e9LY

🔓 COMMAND INJECTION IN AN APPLICATION THAT WRAPS CURL

A command injection vulnerability has been reported in an internal wrapper or script that uses curl, resulting from insecure handling of non-standard parameters such as “-guid”. This flaw can allow arbitrary code execution and compromise systems that depend on this tool. Review the recommendations for protecting your environments here 👉 djar.co/C5FudE

🔧 CRITICAL VULNERABILITIES IN MB CONNECT LINE PRODUCTS PUT INDUSTRIAL SYSTEMS IN JEOPARDY

Experts from SySS GmbH identified multiple serious security flaws in MB connect line products, with the potential to allow unauthorized access and affect critical industrial systems. These vulnerabilities demand immediate attention from companies that use this technology in order to avoid disruptions and data leaks. Discover the full report and preventive measures 👉 djar.co/NCrie

🚀 COLOMBIA'S FIRST NATIONAL HACKATHON TO DRIVE THE COUNTRY'S DIGITAL FUTURE

This event seeks to bring together innovative talent to develop technological solutions that transform the Colombian digital landscape. Signing up is your opportunity to play a leading role in creating a more secure and efficient ecosystem. Don't miss the chance to participate and strengthen your skills 👉 djar.co/X7hk

🔍 ANALYSIS OF A KERNEL MEMORY ALLOCATION VULNERABILITY USING GHIDRA

Explore how advanced reverse engineering techniques with Ghidra reveal critical flaws in kernel memory management in classic vulnerable software, opening the door to sophisticated kernel-level exploits. This research provides valuable lessons for developers and security analysts. Learn more about this case and its implications 👉 djar.co/eTRwj

  • 7h ago

New FortiClient EMS flaw exploited in attacks, emergency patch released bleepingcomputer.com/news/secu

  • 23h ago

US-Iran geopolitical tensions escalate with downed aircraft and President Trump's threats. (Apr 5, 2026) On technology, Microsoft announced a ¥1.6 trillion investment in Japan for AI infrastructure and cybersecurity. (Apr 4, 2026) In cybersecurity, a critical Fortinet EMS zero-day (CVE-2026-35616) is actively exploited, and the EU Commission confirmed a 300GB data breach from a Trivy supply chain attack. (Apr 4, 2026)

#Cybersecurity #Geopolitics #TechNews

  • 22h ago

US President Trump issued an ultimatum to Iran: reopen the Strait of Hormuz by Tuesday or face strikes, intensifying Middle East tensions and driving up oil prices. NVIDIA unveiled new GPU compression technology, while a Chinese chipmaker claims a 300% performance lead over Nvidia's flagship GPU. In cybersecurity, Fortinet patched an actively exploited critical flaw (CVE-2026-35616) in FortiClient EMS. April has seen a surge in ransomware, including the Marquis fintech attack exposing 672,000 records.

#Cybersecurity #Geopolitics #TechNews

  • 14h ago

“Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks.

Tracked as CVE-2026-35616, the flaw is an improper access control vulnerability that allows unauthenticated attackers to execute code or commands via specially crafted requests.”

bleepingcomputer.com/news/secu

  • 6h ago

Fortinet fixes a critical vulnerability actively exploited in FortiClient EMS (CVE-2026-35616)

Fortinet has released an emergency hotfix for CVE-2026-35616, a critical vulnerability in FortiClient EMS that is already being exploited. The flaw allows unauthenticated attackers to bypass API controls and achieve code or command execution on affected installations, so patching immediately is a priority.

unaaldia.hispasec.com/2026/04/

  • 6h ago

Bluesky

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 22h ago
Fortinet patches critical CVE-2026-35616 affecting FortiClient EMS 7.4.5–7.4.6, allowing unauthenticated API access bypass and remote code execution. Update to 7.4.7 to fix. #Fortinet #APIBypass #USA
  • 18h ago
BREAKING: Fortinet has issued an emergency patch for a critical FortiClient EMS vulnerability (CVE-2026-35616) that is already being actively exploited in attacks.
  • 17h ago
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) #HelpNetSecurity (Apr 4) www.helpnetsecurity.com/2026/04/04/f...
  • 15h ago
FortiClient EMS zero-day exploitation confirmed; hotfix also released as an emergency (CVE-2026-35616) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45037/
  • 10h ago
CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw https://securityaffairs.com/190392/hacking/cve-2026-35616-fortinet-fixes-actively-exploited-high-severity-flaw.html
  • 10h ago
~Cisa~ CISA added Fortinet FortiClient EMS flaw (CVE-2026-35616) to the KEV catalog due to active exploitation. - IOCs: CVE-2026-35616 - #Fortinet #KEV #ThreatIntel
  • 2h ago
URGENT: 2,000+ FortiClient EMS Servers Hacked – Active RCE Zero-Days Exposed! (CVE-2026-35616 & CVE-2026-21643) + Video Introduction: FortiClient Enterprise Management Server (EMS) is a centralized console for managing endpoint security across an organization, but its exposure to the public…
  • 7h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts

Last activity: 5 hours ago

Fediverse

[RSS] New RCE in Control Web Panel (CVE-2025-70951)

https://fenrisk.com/rce-centos-webpanel-2
  • 9h ago

Bluesky

[RSS] New RCE in Control Web Panel (CVE-2025-70951) fenrisk.com
  • 9h ago
Remote code execution in CentOS Web Panel - CVE-2025-70951
  • 5h ago

Overview

  • tukaani-project
  • xz

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v4.0
LOW (1.7)
EPSS
0.04%

KEV

Description

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

Statistics

  • 2 Posts
  • 13 Interactions

Last activity: 4 hours ago

Fediverse

xz security advisory (CVE-2026-34743):

https://tukaani.org/xz/index-append-overflow.html

Who has the guts to update? :)
  • 4h ago

Bluesky

xz security advisory (CVE-2026-34743): tukaani.org Who has the guts to update? :)
  • 4h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

01 Jul 2024
Published
01 Aug 2024
Updated

CVSS v3.1
HIGH (8.4)
EPSS
0.18%

KEV

Description

Memory corruption while handling user packets during VBO bind operation.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 22 hours ago

Fediverse

[RSS] A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root

https://androidoffsec.withgoogle.com/posts/a-technical-deep-dive-into-cve-2024-23380-exploiting-gpu-memory-corruption-to-android-root/
  • 22h ago

Bluesky

[RSS] A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root androidoffsec.withgoogle.com
  • 22h ago

Overview

  • Cisco
  • Cisco Enterprise NFV Infrastructure Software

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%

KEV

Description

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Bluesky

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) #HelpNetSecurity (Apr 3) www.helpnetsecurity.com/2026/04/03/c...
  • 15h ago
The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-20093) Cisco IMC Authentication Bypass" and "Emerging Threat: (CVE-2026-27876) Grafana Remote Code Execution via SQL Expressions". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 16h ago

Overview

  • Microsoft
  • Microsoft Exchange Server 2013 Cumulative Update 23

14 Jul 2021
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
94.19%

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Statistics

  • 1 Post
  • 5 Interactions

Last activity: Last hour

Fediverse


hey girl, are you CVE-2021-34473? because you are a 10/10

  • Last hour

Overview

  • Belkin
  • F9K1015

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Fediverse


📢 CVE-2026-5628: HIGH severity stack buffer overflow in Belkin F9K1015 (v1.00.10). Remotely exploitable — no patch yet. Restrict mgmt access & disable remote mgmt until fixed. Info: radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • Belkin
  • F9K1015

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 12 hours ago

Fediverse


🔔 CVE-2026-5613: HIGH severity stack-based buffer overflow in Belkin F9K1015 v1.00.10. Remote code execution or DoS possible. No patch; exploit public. Restrict mgmt interface, disable remote mgmt. radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Belkin
  • F9K1015

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse


⚠️ HIGH severity: Belkin F9K1015 (v1.00.10) stack buffer overflow (CVE-2026-5610) in /goform/formWISP5G. Remotely exploitable, no patch yet. Restrict device exposure & monitor for anomalies. More at radar.offseq.com/threat/cve-20

  • 15h ago

Overview

  • invisioncommunity
  • Invision Power Board

16 May 2025
Published
17 May 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
90.73%

KEV

Description

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

[CVE-2025-47916] Invision Community <= 5.0.6 (customCss) Remote Code Execution
  • 5h ago