
Overview

  • Adobe
  • Acrobat Reader

11 Apr 2026
Published
12 Apr 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 16 Posts
  • 11 Interactions

Last activity: Last hour

Fediverse

Adobe Patches Actively Exploited Acrobat Reader Zero-Day CVE-2026-34621 — Exploited Since December 2025
#CyberSecurity
securebulletin.com/adobe-patch

  • 6
  • 1
  • 0
  • 4h ago

Geopolitical: US-Iran peace talks failed, raising Strait of Hormuz blockade threat and soaring oil prices (April 12-13).

Tech: Japan allocates $4B for Rapidus to accelerate 2nm AI chip production by 2027 (April 12). Harvard unveils "Cascade" AI for faster quantum error correction (April 12).

Cybersecurity: Adobe issued emergency patch for actively exploited Acrobat zero-day (CVE-2026-34621) (April 12). Iran-linked groups persist in targeting US industrial control systems (April 11-12).

#AnonNews_irc #Cybersecurity #Anonymous #News

  • 0
  • 0
  • 0
  • 5h ago

Adobe Acrobat Reader Critical Vulnerability CVE-2026-34621 affects
* Acrobat DC versions 26.001.21367 and earlier
* Acrobat Reader DC versions 26.001.21367 and earlier
* Acrobat 2024 versions 24.001.30356 and earlier
👇
thehackernews.com/2026/04/adob

  • 0
  • 0
  • 1
  • 3h ago

Bluesky

Adobe patches critical zero-day flaw CVE-2026-34621 in Acrobat and Acrobat Reader. The JavaScript prototype pollution vulnerability allows arbitrary code execution via crafted PDFs. #CVE202634621 #JavaScriptBug #USA
  • 0
  • 3
  • 0
  • 9h ago
Adobe: Exploitation in the wild detected for CVE-2026-34621 #infosec www.acn.gov.it/portale/w/ad...
  • 0
  • 1
  • 0
  • 21h ago
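Scary ((((;゚Д゚))) These days I mostly view PDFs in other apps, so I wonder whether this affects me. "Adobe has officially acknowledged that the serious vulnerability 'CVE-2026-34621', which affects users of Adobe Acrobat and Reader on both Windows and macOS, is already being exploited by attackers (APSB26-43)." Update recommended within 72 hours: zero-day attack on Adobe Reader that "takes over your machine just by opening a PDF" is under way (Forbes JAPAN) - Yahoo! News news.yahoo.co.jp/articles/6b7...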
  • 0
  • 0
  • 0
  • 23h ago
Zero-Day Alert: CVE-2026-34621 Adobe Acrobat Reader Exploit – Patch NOW or Get Hacked! + Video Introduction: Adobe recently patched CVE-2026-34621, a zero-day vulnerability in Acrobat Reader that has been actively exploited in the wild for at least four months. This flaw allows attackers to…
  • 0
  • 0
  • 0
  • 22h ago
Adobe releases emergency patch for critical zero-day CVE-2026-34621 in Acrobat and Reader, exploited since Nov. Allows arbitrary code execution via prototype attribute manipulation on Windows and macOS. #AdobePatch #ZeroDay #USA
  • 0
  • 0
  • 0
  • 19h ago
[High alert] Adobe issues emergency fix for Acrobat/Reader zero-day vulnerability (CVE-2026-34621) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 13h ago
CVE-2026-34621: The Prototype Pollution Zero-Day That Weaponized Your PDF Reader + Video Introduction: In a concerning development for the cybersecurity community, a new zero-day vulnerability in Adobe Acrobat Reader, tracked as CVE-2026-34621, was found to be actively exploited in the wild before…
  • 0
  • 0
  • 0
  • 7h ago
[Exploited in the wild] Security risk advisory: Adobe Acrobat Reader remote code execution vulnerability (CVE-2026-34621)
  • 0
  • 0
  • 0
  • 2h ago
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) 📖 Read more: www.helpnetsecurity.com/2026/04/13/a... #cybersecurity #cybersecuritynews #PDF #0day @adobe.com
  • 0
  • 0
  • 0
  • 1h ago
Adobe Acrobat Zero-Day Under Active Attack: CVE-2026-34621 Prototype Pollution Exploit Exposed! + Video Introduction Prototype pollution is a subtle but dangerous JavaScript vulnerability that allows attackers to manipulate an object’s prototype, leading to arbitrary code execution or property…
  • 0
  • 0
  • 0
  • 1h ago
🛡️ With BaseFortify, you can map components like: cpe:2.3:a:adobe:acrobat_reader:26.001.21411:*:*:*:*:*:*:* and instantly identify exposure to CVE-2026-34621. Know what you run. Act faster. ✅ Free registration available basefortify.eu #BaseFortify #VulnerabilityManagement #SecurityTools
  • 0
  • 0
  • 0
  • Last hour
🚨 Adobe has released an emergency patch for CVE-2026-34621 — a critical Acrobat Reader vulnerability actively exploited for months. A malicious PDF can lead to data theft or code execution. Read the full breakdown: basefortify.eu/posts/2026/0... #CyberSecurity #Adobe #ZeroDay #Infosec
  • 0
  • 0
  • 0
  • Last hour

Overview

  • marimo-team
  • marimo

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
2.70%

KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 5 Posts
  • 2 Interactions

Last activity: 5 hours ago

Fediverse

🚨 Pre-Auth RCE vuln tagged as CVE-2026-39987 (CVSS 9.3) seeing active exploitation in the wild as reported by Vulncheck and Bleeping Computer.

Passively scan infrastructure to find potentially vulnerable instances:
github.com/rxerium/rxerium-tem

An unauthenticated attacker can obtain a full interactive root shell on the server via a single WebSocket connection. No user interaction or authentication token is required, even when authentication is enabled on the marimo instance
github.com/marimo-team/marimo/

  • 0
  • 0
  • 0
  • 18h ago

Bluesky

A critical RCE vulnerability (CVE-2026-39987) in Marimo’s /terminal/ws endpoint allowed unauthenticated shell access. Exploitation began 10 hours after disclosure, with 125 IPs scanning within 12 hours. #Marimo #RemoteCodeExecution #Python
  • 0
  • 2
  • 0
  • 17h ago
CVE-2026-39987: Marimo RCE is exploited within hours of disclosure. CVE-2026-39987: Marimo RCE exploited in hours after disclosure #SecurityAffairs (Apr 11) securityaffairs.com/190623/hacki...
  • 0
  • 0
  • 0
  • 15h ago
CVE-2026-39987: Marimo RCE exploited in hours after disclosure securityaffairs.com/190623/hacki...
  • 0
  • 0
  • 0
  • 7h ago
CVE-2026-39987: Critical Pre-Auth RCE in Marimo Notebooks – Patch Now or Get Rooted via WebSocket + Video Introduction: A newly disclosed critical vulnerability, CVE-2026-39987 (CVSS 9.3), is actively being exploited in the wild, allowing unauthenticated attackers to obtain a full interactive root…
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • moby
  • moby

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: Last hour

Fediverse

Aw jeez. Docker has had a badass authentication bug for a decade that gives away the whole farm.

hackingpassion.com/docker-auth

  • 1
  • 1
  • 0
  • Last hour

Bluesky

One Megabyte to Root: How a Size Check Broke Docker’s Last Line of Defense - "We discovered an authorization bypass in Docker Engine (CVE-2026-34040, CVSS 8.8 High)."
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Fortinet
  • FortiClientEMS

04 Apr 2026
Published
07 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
25.26%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 2 hours ago

Fediverse

Fortinet Issues Emergency Patch for Actively Exploited FortiClient EMS Zero-Day CVE-2026-35616
#CyberSecurity
securebulletin.com/fortinet-is

  • 4
  • 0
  • 0
  • 2h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 1 hour ago

Fediverse

The pentest professionals at identified a vulnerability in during a cloud that allows the circumvention of conditional access policies for privileged identities.

Two additional vulnerabilities were identified during a web application pentest of Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

All were reported to the vendors as part of our Responsible Disclosure policy.

🔎 You can find detailed information on the here: usd.de/en/security-advisories-

  • 1
  • 2
  • 0
  • 1h ago

Overview

  • Foxit Software Inc.
  • Foxit PDF Services API

13 Apr 2026
Published
13 Apr 2026
Updated

CVSS v3.1
HIGH (8.5)
EPSS
Pending

KEV

Description

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

🚨 CVE-2026-5936 (HIGH 8.5) Your server can be tricked into attacking itself. Foxit PDF Services API vulnerable to SSRF, allowing attackers to access internal services and sensitive data. 🔎 basefortify.eu/cve_reports/... #CVE #CyberSecurity #SSRF #Foxit
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Totolink
  • A7100RU

12 Apr 2026
Published
12 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CRITICAL OS command injection (CVE-2026-6132) in Totolink A7100RU routers (7.4cu.2313_b20191024). Unauthenticated remote code execution possible. No patch yet — restrict access & monitor closely. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • axios
  • axios

10 Apr 2026
Published
10 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.24%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

Critical vulnerability in Axios: CRLF injection enables cloud credential theft

Axios CVE-2026-40175: How a header injection leads to cloud compromise

all-about-security.de/kritisch

#cve #CRLF #cloud #cloudsecurity

  • 0
  • 0
  • 1
  • Last hour

Overview

  • Apache Software Foundation
  • Apache Storm Client
  • org.apache.storm:storm-client

13 Apr 2026
Published
13 Apr 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in both the Nimbus and Worker JVMs. Mitigation: 2.x users should upgrade to 2.8.6. Users who cannot upgrade immediately should monkey-patch an ObjectInputFilter allow-list to ClientAuthUtils.deserializeKerberosTicket() restricting deserialized classes to javax.security.auth.kerberos.KerberosTicket and its known dependencies. A guide on how to do this is available in the release notes of 2.8.6. Credit: This issue was discovered by K.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🔒 CRITICAL: CVE-2026-35337 in Apache Storm Client (<2.8.6) allows authenticated users to achieve RCE via unsafe deserialization in Nimbus/Worker JVMs. Upgrade to 2.8.6 or restrict deserialization classes now! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Pending

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

CVE-2026-29923 - Local Privilege Escalation Attack via pstrip64.sys
  • 0
  • 0
  • 0
  • 3h ago