
Overview

  • Adobe
  • Acrobat Reader

Published: 11 Apr 2026
Updated: 13 Apr 2026

CVSS v3.1: HIGH (8.6)
EPSS: 0.04%

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 19 Posts
  • 20 Interactions

Last activity: Last hour

Fediverse


Adobe Patches Actively Exploited Acrobat Reader Zero-Day CVE-2026-34621 — Exploited Since December 2025
#CyberSecurity
securebulletin.com/adobe-patch

  • 6
  • 1
  • 0
  • 10h ago

Geopolitical: US-Iran peace talks failed, raising Strait of Hormuz blockade threat and soaring oil prices (April 12-13).

Tech: Japan allocates $4B for Rapidus to accelerate 2nm AI chip production by 2027 (April 12). Harvard unveils "Cascade" AI for faster quantum error correction (April 12).

Cybersecurity: Adobe issued emergency patch for actively exploited Acrobat zero-day (CVE-2026-34621) (April 12). Iran-linked groups persist in targeting US industrial control systems (April 11-12).

#AnonNews_irc #Cybersecurity #Anonymous #News

  • 0
  • 0
  • 0
  • 12h ago

Adobe Acrobat Reader Critical Vulnerability CVE-2026-34621 affects
* Acrobat DC versions 26.001.21367 and earlier
* Acrobat Reader DC versions 26.001.21367 and earlier
* Acrobat 2024 versions 24.001.30356 and earlier
👇
thehackernews.com/2026/04/adob

  • 0
  • 0
  • 1
  • 10h ago

The patch is now available:

"*Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution.

 Adobe is aware of CVE-2026-34621 being exploited in the wild.*"
👇
helpx.adobe.com/security/produ

  • 0
  • 0
  • 0
  • 6h ago

Recent global developments include a major cybersecurity breach, ongoing geopolitical tensions, and critical advancements in AI. A hacker leveraged AI platforms (Claude Code, GPT-4.1) to compromise nine Mexican government agencies, exfiltrating millions of records (Apr 12). Rockstar Games faces a ransom threat from ShinyHunters following a supply-chain cyberattack (Apr 12). Adobe also issued an emergency patch for a critical Acrobat Reader zero-day (CVE-2026-34621) actively exploited since December (Apr 12). Geopolitically, US-Iran talks in Pakistan to end their six-week conflict concluded without agreement, impacting oil markets and the Strait of Hormuz (Apr 12-13). In technology, Anthropic has withheld its new AI model, "Claude Mythos Preview," due to its advanced capability in discovering software vulnerabilities, deeming it too risky for public release (Apr 12).

#Cybersecurity #TechNews #Geopolitics

  • 0
  • 0
  • 0
  • 4h ago

Adobe has released an emergency fix for a zero-day vulnerability (CVE-2026-34621) in Acrobat and Reader that allowed malicious PDFs to bypass sandbox restrictions and execute arbitrary code. The flaw, exploited since December, enabled attackers to read and steal local files, and was discovered by Haifei Li after a suspicious PDF sample was submitted for analysis.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December.
  • 2
  • 8
  • 0
  • 2h ago
Adobe patches critical zero-day flaw CVE-2026-34621 in Acrobat and Acrobat Reader. The JavaScript prototype pollution vulnerability allows arbitrary code execution via crafted PDFs. #CVE202634621 #JavaScriptBug #USA
  • 0
  • 3
  • 0
  • 15h ago
[High alert] Adobe urgently fixes zero-day vulnerability (CVE-2026-34621) in Acrobat/Reader rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 19h ago
CVE-2026-34621: The Prototype Pollution Zero-Day That Weaponized Your PDF Reader + Video Introduction: In a concerning development for the cybersecurity community, a new zero-day vulnerability in Adobe Acrobat Reader, tracked as CVE-2026-34621, was found to be actively exploited in the wild before…
  • 0
  • 0
  • 0
  • 13h ago
[Exploited in the wild] Adobe Acrobat Reader remote code execution vulnerability (CVE-2026-34621) security risk advisory
  • 0
  • 0
  • 0
  • 8h ago
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) 📖 Read more: www.helpnetsecurity.com/2026/04/13/a... #cybersecurity #cybersecuritynews #PDF #0day @adobe.com
  • 0
  • 0
  • 0
  • 8h ago
Adobe Acrobat Zero-Day Under Active Attack: CVE-2026-34621 Prototype Pollution Exploit Exposed! + Video Introduction Prototype pollution is a subtle but dangerous JavaScript vulnerability that allows attackers to manipulate an object’s prototype, leading to arbitrary code execution or property…
  • 0
  • 0
  • 0
  • 7h ago
🛡️ With BaseFortify, you can map components like: cpe:2.3:a:adobe:acrobat_reader:26.001.21411:*:*:*:*:*:*:* and instantly identify exposure to CVE-2026-34621. Know what you run. Act faster. ✅ Free registration available basefortify.eu #BaseFortify #VulnerabilityManagement #SecurityTools
  • 0
  • 0
  • 0
  • 6h ago
🚨 Adobe has released an emergency patch for CVE-2026-34621 — a critical Acrobat Reader vulnerability actively exploited for months. A malicious PDF can lead to data theft or code execution. Read the full breakdown: basefortify.eu/posts/2026/0... #CyberSecurity #Adobe #ZeroDay #Infosec
  • 0
  • 0
  • 0
  • 6h ago
CVE-2026-34621 – Adobe has released a patch for the exploited zero-day! www.it-connect.fr/cve-2026-346...
  • 0
  • 0
  • 0
  • 2h ago
~Cybergcca~ CCCS issued 5 advisories, highlighting a critical Adobe Acrobat flaw actively exploited in the wild. - IOCs: CVE-2026-34621 - #CVE202634621 #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 2h ago
Adobe rushes fix for Acrobat/Reader zero-day (CVE-2026-34621) Malicious PDFs can bypass sandboxing, steal files, and run code just by being opened. No known workaround, update ASAP and avoid suspicious attachments. via @bleepingcomputer.com www.bleepingcomputer.com/news/securit...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • marimo-team
  • marimo

Published: 09 Apr 2026
Updated: 09 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 2.70%

KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 5 Posts

Last activity: 1 hour ago

Fediverse


A critical pre-authentication RCE vulnerability (CVE-2026-39987) in the Marimo Python notebook platform was exploited within 10 hours of its disclosure, allowing attackers to steal cloud credentials. The flaw affects the /terminal/ws endpoint, and users are advised to update to version 0.23.0 or later immediately.
cybersecuritynews.com/marimo-r

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

CVE-2026-39987: Marimo RCE exploited within hours of disclosure. CVE-2026-39987: Marimo RCE exploited in hours after disclosure #SecurityAffairs (Apr 11) securityaffairs.com/190623/hacki...
  • 0
  • 0
  • 0
  • 21h ago
CVE-2026-39987: Marimo RCE exploited in hours after disclosure securityaffairs.com/190623/hacki...
  • 0
  • 0
  • 1
  • 13h ago
CVE-2026-39987: Critical Pre-Auth RCE in Marimo Notebooks – Patch Now or Get Rooted via WebSocket + Video Introduction: A newly disclosed critical vulnerability, CVE-2026-39987 (CVSS 9.3), is actively being exploited in the wild, allowing unauthenticated attackers to obtain a full interactive root…
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Lenovo
  • Dispatcher 3.0 Driver

Published: 11 Sep 2025
Updated: 22 Sep 2025

CVSS v4.0: HIGH (7.3)
EPSS: 0.01%

KEV

Description

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

[RSS] CVE-2025-8061: From User-land to Ring 0

https://sibouzitoun.tech/labs/cve-2025-8061/
  • 0
  • 1
  • 0
  • 3h ago

Bluesky

CVE-2025-8061: From User-land to Ring 0
  • 0
  • 0
  • 2
  • 10h ago
[RSS] CVE-2025-8061: From User-land to Ring 0 sibouzitoun.tech -> Original->
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • moby
  • moby

Published: 31 Mar 2026
Updated: 02 Apr 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 7 hours ago

Fediverse


Aw jeez. Docker has had a badass authentication bug for a decade that gives away the whole farm.

hackingpassion.com/docker-auth

  • 1
  • 2
  • 0
  • 7h ago

Bluesky

One Megabyte to Root: How a Size Check Broke Docker’s Last Line of Defense - "We discovered an authorization bypass in Docker Engine (CVE-2026-34040, CVSS 8.8 High)."
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Relevanssi
  • Relevanssi Premium

Published: 13 May 2025
Updated: 08 Apr 2026

CVSS v3.1: HIGH (7.5)
EPSS: 21.97%

KEV

Description

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 6 hours ago

Fediverse


Security vulnerability in the WordPress plugin Relevanssi:

crowdsec.net/vulntracking-repo…

#WordPress, #Plugin

  • 1
  • 0
  • 0
  • 6h ago

🚨 CVE-2025-4396 is seeing a surge in exploitation attempts.

This SQL injection vulnerability in the WordPress Relevanssi plugin has attracted over 16,500 attacking IPs, mostly targeting small sites with limited security.

We break down the attack and how to defend against it 👇

crowdsec.net/vulntracking-repo

  • 0
  • 1
  • 1
  • 6h ago

Overview

  • axios
  • axios

Published: 10 Apr 2026
Updated: 13 Apr 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.24%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0.

Statistics

  • 3 Posts

Last activity: 3 hours ago

Fediverse


Critical security vulnerability in Axios: CRLF injection enables cloud credential theft

Axios CVE-2026-40175: How a header injection leads to cloud compromise

all-about-security.de/kritisch

#cve #CRLF #cloud #cloudsecurity

  • 0
  • 0
  • 1
  • 7h ago

"Critical Axios Vulnerability Allows Remote Code Execution"

At this point, people probably just point $AI_AGENT to a package.json file and let it rip instead of specific targets. Less actual work for hundreds of thousands more vulnerable hosts.

nvd.nist.gov/vuln/detail/CVE-2

#cybersecurity #security #axios #javascript #web #nodejs

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Fortinet
  • FortiClientEMS

Published: 04 Apr 2026
Updated: 07 Apr 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 25.26%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 8 hours ago

Fediverse


Fortinet Issues Emergency Patch for Actively Exploited FortiClient EMS Zero-Day CVE-2026-35616
#CyberSecurity
securebulletin.com/fortinet-is

  • 4
  • 0
  • 0
  • 8h ago

Overview

  • The GNU C Library
  • glibc

Published: 16 May 2025
Updated: 26 Feb 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 1 hour ago

Fediverse


We chose a vulnerability in glibc (CVE-2025-4802) to teach students registered in our binary exploitation training the importance of the libc, loader, dynamic linker, and the kernel in making the execution of a modern Linux binary possible.

Furthermore, it demonstrates how a small oversight in the static glibc code allowed arbitrary libraries to be loaded into privileged code. Do you know the crucial role of the auxiliary vector? Or the main differences between dynamically and statically compiled binaries?

Check out the blog post for a brief analysis of CVE-2025-4802.

allelesecurity.com/libc-vuln-a

  • 3
  • 3
  • 0
  • 1h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 8 hours ago

Fediverse


The pentest professionals at identified a vulnerability in during a cloud that allows the circumvention of conditional access policies for privileged identities.

Two additional vulnerabilities were identified during a web application pentest of Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

All were reported to the vendors as part of our Responsible Disclosure policy.

🔎 You can find detailed information on the here: usd.de/en/security-advisories-

  • 2
  • 2
  • 0
  • 8h ago

Overview

  • Foxit Software Inc.
  • Foxit PDF Services API

Published: 13 Apr 2026
Updated: 13 Apr 2026

CVSS v3.1: HIGH (8.5)
EPSS: 0.03%

KEV

Description

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

🚨 CVE-2026-5936 (HIGH 8.5) Your server can be tricked into attacking itself. Foxit PDF Services API vulnerable to SSRF, allowing attackers to access internal services and sensitive data. 🔎 basefortify.eu/cve_reports/... #CVE #CyberSecurity #SSRF #Foxit
  • 0
  • 1
  • 0
  • 8h ago
Showing 1 to 10 of 34 CVEs