Overview

  • Adobe
  • Acrobat Reader

11 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
6.08%

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 11 Posts
  • 9 Interactions

Last activity: 1 hour ago

Fediverse

Adobe PDF: Zero-day under attack for months

Once again, Adobe has given the world a dubious gift with Acrobat etc. The products Acrobat DC, Acrobat Reader DC and Acrobat 2024 for Windows and macOS contained a security vulnerability that was not previously publicly known and that has been exploited in attacks since at least last November (zero-day exploit). The vulnerability, CVE-2026-34621, was discovered in March. The report still says that there is no patch. That is no longer true; Adobe has just released updates. For an attack, it is enough to slip the victim a crafted PDF. Apart from the PDF

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #cybercrime #exploits #pdf #sicherheit #spionage #trojaner #UnplugTrump #adobe

  • 2
  • 2
  • 0
  • 1h ago

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CVE-2012-1854 Visual Basic for Applications Insecure Library Loading

CVE-2020-9715 Adobe Acrobat Use-After-Free

CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted

CVE-2023-36424 Microsoft Windows Out-of-Bounds Read

CVE-2025-60710 Microsoft Windows Link Following

CVE-2026-21643 Fortinet SQL Injection

CVE-2026-34621 Adobe Acrobat Reader Prototype

cisa.gov/news-events/alerts/20

#cybersecurity #cisa #adobe #microsoft

  • 0
  • 3
  • 0
  • 21h ago

Bluesky

While I have patched my #Adobe Acrobat Reader I find it disgusting that it could have gone this far with CVE-2026-34621, apparently this has been going on since November. PDFs just aren't regular files, there is something deeply troubling about the,
  • 0
  • 1
  • 0
  • 5h ago
Adobe patches CVE-2026-34621 after active exploitation since Dec 2025, preventing remote code execution via malicious PDFs.
  • 0
  • 1
  • 0
  • 1h ago
Adobe has released an emergency fix for an Acrobat Reader vulnerability (CVE-2026-34621) that has been exploited in the wild. Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) #HelpNetSecurity (Apr 13) www.helpnetsecurity.com/2026/04/13/a...
  • 0
  • 0
  • 0
  • 20h ago
Adobe Acrobat Reader Zero-Day Under Active Attack: Patch Now or Risk Total System Compromise (CVE-2026-34621) + Video Introduction: A critical zero-day vulnerability (CVE-2026-34621) in Adobe Acrobat and Acrobat Reader is being actively exploited in the wild, allowing attackers to execute…
  • 0
  • 0
  • 0
  • 20h ago
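What is the Adobe Acrobat vulnerability "CVE-2026-34621"? A clear explanation of the zero-day that is dangerous just from opening a PDF, and of the countermeasures. On April 11, 2026, the US company Adobe released an emergency update for the serious vulnerability "CVE-2026-34621" in Adobe Acrobat and Acrobat Reader. This article introduces the vulnerability.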
  • 0
  • 0
  • 0
  • 16h ago
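https://www.ipa.go.jp/security/security-alert/2026/0413-adobereader.html IPA is announcing the release of security updates for Adobe Acrobat/Reader. Exploitation of the vulnerabilities may cause abnormal termination or loss of control of the PC, and exploitation of CVE-2026-34621 has been confirmed. Update affected versions to the latest version immediately; administrators should also apply the update promptly.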
  • 0
  • 0
  • 0
  • 14h ago
⚠️ Adobe - CVE-2026-34621 Adobe has published security fixes to patch CVE-2026-34621 (a zero-day flaw that is already being exploited) Details here 👇 - www.it-connect.fr/cve-2026-346... #Adobe #infosec #cybersecurite
  • 0
  • 0
  • 0
  • 12h ago
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
  • 0
  • 0
  • 0
  • 6h ago
~Cisa~ CISA added 7 actively exploited vulnerabilities to the KEV catalog, urging immediate patching. - IOCs: CVE-2026-21643, CVE-2026-34621, CVE-2025-60710 - #CISA #KEV #threatintel
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • ShowDoc
  • ShowDoc

29 Apr 2025
Published
19 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
2.03%

KEV

Description

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 12h ago
A critical vulnerability in ShowDoc allows remote code execution through unrestricted file uploads, with active exploitation reported for CVE-2025-0520.
  • 0
  • 0
  • 0
  • 12h ago
CVE-2025-0520: Unauthenticated Web Shell Uploads Exploited in the Wild – Patch Now! + Video Introduction: ShowDoc, a popular open-source online documentation tool, is currently under active exploitation due to CVE-2025-0520 – a critical unauthenticated file upload vulnerability (CVSS 9.4).…
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • marimo-team
  • marimo

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
2.70%

KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 8 hours ago

Fediverse

Critical Marimo Python Notebook Zero-Day (CVE-2026-39987) Exploited Within 10 Hours of Disclosure
#CyberSecurity
securebulletin.com/critical-ma

  • 5
  • 0
  • 0
  • 10h ago

Bluesky

📢 CVE-2026-39987: Critical pre-auth RCE in Marimo exploited 10 hours after disclosure 📝 ## 🗓️ Context Source: BleepingComputer, published April 12 … https://cyberveille.ch/posts/2026-04-14-cve-2026-39987-rce-pre-auth-critique-dans-marimo-exploitee-10h-apres-divulgation/ #CVE_2026_39987 #Cyberveille
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • cockpit

07 Apr 2026
Published
10 Apr 2026
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

Red Hat published RHSA-2026:7381 for CVE-2026-4631. The flaw is unauthenticated remote code execution in Cockpit. Cockpit is the default web console on RHEL 9, RHEL 10, Rocky, and AlmaLinux. CVSS 9.8. Cockpit passes hostnames and usernames from the browser straight to SSH, before any password check. One HTTP request to the login page runs commands as the server. Default on, web-facing, unauthenticated. Patch this week.

#Linux #CyberSecurity #RHEL #SysAdmin

  • 1
  • 0
  • 0
  • 3h ago

Overview

  • Talend
  • Talend JobServer

14 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.24%

KEV

Description

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse

🔴 CRITICAL: CVE-2026-6264 affects Talend JobServer 8.0 & 7.3. Unauthenticated RCE via JMX port — patch immediately or require TLS client auth for mitigation. Disable JMX in Runtime if possible. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

🚨 Critical RCE in Talend JobServer (CVE-2026-6264) Unauthenticated attackers can exploit the JMX monitoring port to execute arbitrary code. CVSS: 9.8 🔥 Affects Talend (Qlik) 🔗 basefortify.eu/cve_reports/...
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • wolfSSL
  • wolfSSL

09 Apr 2026
Published
10 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Statistics

  • 3 Posts

Last activity: 4 hours ago

Bluesky

⚠️ wolfSSL - CVE-2026-5194 A critical security flaw has been discovered and patched in the wolfSSL library, which is particularly widely used on embedded systems and IoT. Details here 👇 - www.it-connect.fr/cve-2026-519... #infosec #cybersecurite
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 31 Interactions

Last activity: 8 hours ago

Fediverse

🚨 Composer 2.9.6 and 2.2.27 are out with fixes for CVE-2026-40261 and CVE-2026-40176, both command injection issues in the Perforce driver. Run composer self-update now. No exploitation detected on Packagist.org and Private Packagist. Details on our blog: blog.packagist.com/composer-2- #php #phpc #composerphp

  • 20
  • 11
  • 0
  • 8h ago

Overview

  • SAP_SE
  • SAP Business Planning and Consolidation and SAP Business Warehouse

14 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%

KEV

Description

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-27681 in SAP BPC & BW (CVSS 9.9). Authenticated users can inject SQL, risking data integrity & availability. No patch yet — restrict access & monitor DB activity. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 16h ago

Bluesky

SAP released 20 security notes in April 2026, including critical CVE-2026-27681 SQL injection in Business Planning & Consolidation and BW, plus high-severity CVE-2026-34256 in ERP & S/4 HANA. #SAPSecurity #ABAPPatch #Germany
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Microsoft
  • Microsoft Exchange Server 2019 Cumulative Update 12

14 Feb 2023
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
58.92%

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 9 hours ago

Fediverse

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CVE-2012-1854 Visual Basic for Applications Insecure Library Loading

CVE-2020-9715 Adobe Acrobat Use-After-Free

CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted

CVE-2023-36424 Microsoft Windows Out-of-Bounds Read

CVE-2025-60710 Microsoft Windows Link Following

CVE-2026-21643 Fortinet SQL Injection

CVE-2026-34621 Adobe Acrobat Reader Prototype

cisa.gov/news-events/alerts/20

#cybersecurity #cisa #adobe #microsoft

  • 0
  • 3
  • 0
  • 21h ago

Bluesky

These “zombie bugs” show attackers reuse long-patched flaws alongside new ones. CVE-2023-21529 is tied to ransomware, proving poor patching keeps legacy exploits alive and dangerous today.
  • 0
  • 0
  • 0
  • 9h ago