Overview

  • Fortinet
  • FortiClientEMS

04 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.03%

KEV

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 11 Posts
  • 11 Interactions

Last activity: Last hour

Fediverse

Fortinet has fixed a critical vulnerability that allowed privilege escalation and has been exploited since March, while a Russian disinformation campaign affects information security in Argentina and solid architecture proves to be key to the secure success of enterprise artificial intelligence. Discover these and more details in the following list of information security news:

🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 05/04/26 📆 |====

🔒 FORTINET FIXES CRITICAL VULNERABILITY CVE-2026-35616

Fortinet has released a patch for the vulnerability CVE-2026-35616, with a CVSS severity of 9.1, which has been actively exploited since March 2026. This flaw affects FortiClient EMS versions 7.4.5 to 7.4.6 and allows attackers to escalate privileges, putting infrastructures protected by this solution at risk. It is crucial to update as soon as possible to avoid possible serious breaches of corporate security.
Find out how to protect your system and act now here 👉 djar.co/taQymi

🌐 INVESTIGATION REVEALS RUSSIAN DISINFORMATION CAMPAIGN IN ARGENTINA

A recent study exposes an alleged Russian influence campaign that is said to have funded articles in Argentine digital media with the intention of discrediting the local government. This disinformation operation highlights the importance of strengthening media literacy and security in the management of public information. Stay informed about the tactics used in information attacks.
Read the full analysis and its impact here 👉 djar.co/c4pWDF

🤖 AI IN THE ENTERPRISE: THE KEY ROLE OF ARCHITECTURE FOR SUCCESS

The effective deployment of artificial intelligence in companies has evolved: not only the AI model matters, but also the architecture that supports it. After years of investment, it is recognized that adequate infrastructure is essential to maximize results, reduce risks and scale intelligent solutions securely. Learn the keys to transforming your AI strategy and achieving real impact.
Explore best practices and success stories here 👉 djar.co/WvEdC

  • 0
  • 1
  • 0
  • 13h ago
Recent global developments on April 4, 2026:

Geopolitical: Trump challenges NATO's future over "Operation Epic Fury" participation; US-Iran conflict ongoing, Planet Labs withholds satellite images.
Technology: AI breakthroughs include Google DeepMind's Alpha Green for code optimization & OpenAI's GPT-6 on smartphones. Green compute initiatives accelerate.
Cybersecurity: Fortinet zero-day (CVE-2026-35616) exploited; EC suffers Trivy supply chain breach. New polymorphic malware & AI-generated bot threats emerge.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 20h ago
New FortiClient EMS flaw exploited in attacks, emergency patch released bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 5h ago
US-Iran geopolitical tensions escalate with downed aircraft and President Trump's threats. (Apr 5, 2026) On technology, Microsoft announced a ¥1.6 trillion investment in Japan for AI infrastructure and cybersecurity. (Apr 4, 2026) In cybersecurity, a critical Fortinet EMS zero-day (CVE-2026-35616) is actively exploited, and the EU Commission confirmed a 300GB data breach from a Trivy supply chain attack. (Apr 4, 2026)

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS thehackernews.com/2026/04/fort...
  • 1
  • 1
  • 0
  • 15h ago
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 1
  • 1
  • 0
  • 4h ago
CVE-2026-35616: FortiClient EMS Under Active Attack – Unauthenticated RCE via API Bypass + Video Introduction: FortiClient Enterprise Management Server (EMS) is a centralized management platform for Fortinet’s endpoint security solutions, widely deployed to enforce VPN policies, manage endpoint…
  • 0
  • 0
  • 0
  • 19h ago
Fortinet patches critical CVE-2026-35616 affecting FortiClient EMS 7.4.5–7.4.6, allowing unauthenticated API access bypass and remote code execution. Update to 7.4.7 to fix. #Fortinet #APIBypass #USA
  • 0
  • 0
  • 0
  • Last hour
Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We fingerprint about 2000 instances globally, see public Dashboard: dashboard.shadowserver.org/statistics/i... Top affected: US & Germany
  • 1
  • 5
  • 0
  • 6h ago
Patch info: CVE-2026-35616 (0day reported by Defused Cyber): fortiguard.fortinet.com/psirt/FG-IR-... CVE-2026-21643: fortiguard.fortinet.com/psirt/FG-IR-...
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
66.27%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 2 Posts
  • 8 Interactions

Last activity: 10 hours ago

Bluesky

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps.
  • 3
  • 4
  • 0
  • 10h ago
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials thehackernews.com/2026/04/hack...
  • 0
  • 1
  • 0
  • 15h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

01 Jul 2024
Published
01 Aug 2024
Updated

CVSS v3.1
HIGH (8.4)
EPSS
0.18%

KEV

Description

Memory corruption while handling user packets during VBO bind operation.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 4 hours ago

Fediverse

[RSS] A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root

https://androidoffsec.withgoogle.com/posts/a-technical-deep-dive-into-cve-2024-23380-exploiting-gpu-memory-corruption-to-android-root/
  • 0
  • 1
  • 0
  • 4h ago

Bluesky

[RSS] A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root androidoffsec.withgoogle.com
  • 0
  • 1
  • 0
  • 4h ago

Overview

  • OpenClaw
  • OpenClaw

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.01%

KEV

Description

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Bluesky

OpenClaw privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579 (http://news.ycombinator.com/item?id=47628608)
  • 0
  • 0
  • 0
  • 17h ago
🌐 OpenClaw privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579 via #HackerNews
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 10 Interactions

Last activity: 8 hours ago

Bluesky

There's a new unauth remote code execution bug in the CentOS Control Web Panel web hosting toolkit, tracked as CVE-2025-70951, that will need patching in the coming days fenrisk.com/rce-centos-w...
  • 4
  • 6
  • 1
  • 8h ago

Overview

  • mcp-remote

09 Jul 2025
Published
09 Jul 2025
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
1.46%

KEV

Description

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 17 hours ago

Bluesky

When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
  • 1
  • 1
  • 0
  • 17h ago

Overview

  • FreeBSD
  • FreeBSD

26 Mar 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

CVE-2026-4747

Re what's quoted in the opening post at <forums.freebsd.org/threads/102>, please note that Nicholas Carlini has not yet made a public statement about findings.

(I should not treat notebookcheck.net as an authoritative source on this matter.)

#FreeBSD #security

  • 0
  • 1
  • 0
  • 6h ago

Overview

  • properfraction
  • Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

04 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.02%

KEV

Description

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on the `change_plan_sub_id` parameter in the `process_checkout()` function. This makes it possible for authenticated attackers, with subscriber level access and above, to reference another user's active subscription during checkout to manipulate proration calculations, allowing them to obtain paid lifetime membership plans without payment via the `ppress_process_checkout` AJAX action.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 HIGH severity: CVE-2026-3445 in ProfilePress plugin lets subscriber-level users bypass paid memberships via missing authorization in process_checkout(). No patch yet. Restrict privileges & monitor activity. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • trustindex
  • Widgets for Social Photo Feed

04 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.06%

KEV

Description

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

⚠️ HIGH severity: Stored XSS (CVE-2026-5425) in trustindex Widgets for Social Photo Feed (≤1.7.9) allows unauthenticated attackers to inject malicious scripts via 'feed_data'. No patch yet — disable plugin. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Tenda
  • CH22

05 Apr 2026
Published
05 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🚨 HIGH severity: CVE-2026-5605 in Tenda CH22 v1.0.0.1 — stack-based buffer overflow in /goform/WrlExtraSet. No patch yet. Restrict remote access & monitor for threats. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour
Showing 1 to 10 of 21 CVEs