Overview

  • Fortinet
  • FortiClientEMS

04 Apr 2026
Published
07 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
5.95%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 11 Posts
  • 4 Interactions

Last activity: 17 hours ago

Fediverse

Fortinet customers confront actively exploited zero-day, with a full patch still pending cyberscoop.com/fortinet-fortic

  • 0
  • 1
  • 0
  • 23h ago

"Fortinet on April 4 released a hotfix for a critical 9.8 bug in FortiClient EMS 7.4.5 and 7.4.6, saying that it had observed exploitation in the wild.

The API access bypass flaw – tracked as CVE-2026-35616 – was first reported to Fortinet by DefusedCyber, which posted on X about the bug early Saturday morning."

scworld.com/news/fortinet-issu

  • 0
  • 0
  • 0
  • 23h ago

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild. darkreading.com/vulnerabilitie

  • 0
  • 0
  • 1
  • 18h ago

Geopolitical tensions rise as Trump issues a Strait of Hormuz ultimatum amidst Middle East oil disruptions (Apr 7). In cybersecurity, North Korea's UNC4736 is linked to a $285M crypto heist (Apr 6), and a critical Fortinet zero-day (CVE-2026-35616) is under active exploitation (Apr 6-7). Technology advances with Fortrea launching AI-enhanced clinical trial solutions (Apr 7).

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 18h ago

Fortinet issues emergency weekend patch for actively exploited FortiClient EMS zero-day 

Over the weekend, Fortinet released an emergency security update for a critical FortiClient Enterprise Management Server (EMS) vulnerability (CVSS 9.1), after confirming it is being actively exploited in the wild. The flaw, CVE-2026-35616, is a pre-authentication access control issue that enables attackers to bypass authentication protections and gain elevated privileges on…

itnerd.blog/2026/04/07/fortine

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

💣 Fortinet - CVE-2026-35616 A new security flaw, exploited as a zero-day, has been fixed by Fortinet. This vulnerability affects a single product: -> FortiClient EMS All the details 👇 - www.it-connect.fr/cve-2026-356... #fortinet #infosec #cybersecurite
  • 1
  • 1
  • 0
  • 23h ago
~Cybergcca~ Fortinet addressed a critical API bypass flaw in FortiClientEMS, now added to CISA's KEV. - IOCs: CVE-2026-35616 - #CVE2026_35616 #Fortinet #ThreatIntel
  • 0
  • 0
  • 0
  • 17h ago
📢 CVE-2026-35616: critical FortiClient EMS flaw actively exploited as a zero-day 📝 ## 🗓️ Context Source: BleepingComputer, published 5 April 20… https://cyberveille.ch/posts/2026-04-07-cve-2026-35616-faille-critique-forticlient-ems-exploitee-activement-en-zero-day/ #CVE_2026_21643 #Cyberveille
  • 0
  • 1
  • 0
  • 18h ago
Two critical FortiClientEMS vulnerabilities are actively exploited: CVE-2026-21643 (unauthenticated SQL injection) and CVE-2026-35616 (improper access control/API bypass). Patch updates released by Fortinet. #FortinetFlaw #RemoteCodeExec #Singapore
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • FlowiseAI
  • Flowise

22 Sep 2025
Published
22 Sep 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
82.39%

KEV

Description

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

Statistics

  • 4 Posts
  • 5 Interactions

Last activity: 4 hours ago

Fediverse

The Flowise AI Agent Builder is actively being exploited due to a critical CVSS 10.0 remote code execution vulnerability (CVE-2025-59528), affecting over 12,000 exposed instances. This flaw allows attackers to execute arbitrary JavaScript code, leading to potential system compromise and data exfiltration.
thehackernews.com/2026/04/flow

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code.
  • 1
  • 3
  • 0
  • 12h ago
CRITICAL: Flowise CVE-2025-59528 (CVSS 10.0) Under Active Attack – Full System RCE via API Token + Video Introduction: Flowise, a widely adopted low-code platform for building LLM-based applications, has disclosed a critical remote code execution vulnerability designated CVE-2025-59528 with a CVSS…
  • 0
  • 1
  • 0
  • 23h ago
Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution #SecurityAffairs (Apr 7) securityaffairs.com/190471/secur...
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • moby
  • moby

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, Moby contains a vulnerability that allows attackers to bypass authorization (AuthZ) plugins. This issue has been patched in version 29.3.1.

Statistics

  • 3 Posts
  • 4 Interactions

Last activity: 4 hours ago

Fediverse

Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts esecurityplanet.com/threats/do

  • 1
  • 0
  • 0
  • 14h ago

Bluesky

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 1
  • 2
  • 0
  • 13h ago
A critical flaw in Docker Engine (CVE-2026-34040) allows attackers to bypass AuthZ plugins by sending padded HTTP requests, enabling privileged container access to the host filesystem. Fixed in v29.3.1. #DockerVuln #ContainerSecurity #CVE2026
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
66.27%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

React2Shell (CVE-2025-55182) is being exploited to steal secrets en masse from Next.js apps

An automated campaign is exploiting React2Shell (CVE-2025-55182) to achieve pre-authentication RCE in Next.js applications and deploy large-scale secret harvesting. After compromising the server, the attackers exfiltrate environment variables, tokens, SSH keys and cloud credentials, so any secret reachable from the host must be considered compromised...

unaaldia.hispasec.com/2026/04/

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

📢 UAT-10608: automated credential-theft campaign targeting Next.js apps via CVE-2025-55182 📝 ## 🔍 Context Published 2 Ap… https://cyberveille.ch/posts/2026-04-07-uat-10608-campagne-automatisee-de-vol-de-credentials-ciblant-les-apps-next-js-via-cve-2025-55182/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • TP-Link
  • TL-WR841N

03 May 2024
Published
21 Oct 2025
Updated

CVSS v3.0
MEDIUM (6.5)
EPSS
1.46%

Description

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19899.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse

👾 Since at least 2024, APT28 has been compromising vulnerable routers worldwide, including TP-Link routers, by exploiting CVE-2023-50224.

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

~Ncsc~ Russian actor APT28 exploits vulnerable routers (e.g., TP-Link via CVE-2023-50224) to hijack DNS and steal credentials via AitM attacks. - IOCs: 5. 226. 137. 151, 23. 106. 120. 119, 64. 44. 154. 227 - #APT28 #DNSHijacking #ThreatIntel
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.41%

KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 19 hours ago

Bluesky

We have also added CVE-2026-2699 tagging to our scans, which now detect unpatched Progress ShareFile instances. 120 seen 2026-04-06 dashboard.shadowserver.org/statistics/c... Tree Map view: dashboard.shadowserver.org/statistics/c... IP data in Vulnerable HTTP: www.shadowserver.org/what-we-do/n...
  • 2
  • 5
  • 0
  • 19h ago

Overview

  • Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers

03 Mar 2021
Published
06 Mar 2026
Updated

CVSS
Pending
EPSS
12.90%

Description

Rockwell Automation Studio 5000 Logix Designer versions 21 and later, and RSLogix 5000 versions 16 through 20, use a key to prove to the following Rockwell Automation controllers that they are communicating with genuine Rockwell Automation software: CompactLogix 1768, 1769, 5370, 5380, 5480; ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. These software versions are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate to any of the listed controllers.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 7 hours ago

Bluesky

FBI and Pentagon report Iran-linked hackers targeting internet-facing OT devices like Rockwell/Allen-Bradley PLCs and possibly Siemens, exploiting CVE-2021-22681 to disrupt U.S. critical infrastructure operations. #Iran #OperationalTech
  • 1
  • 1
  • 0
  • 7h ago

Overview

  • Pending

01 Sep 2016
Published
31 Mar 2025
Updated

CVSS
Pending
EPSS
40.99%

KEV

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
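
The "birthday bound of approximately four billion blocks" above, worked through for 64-bit blocks in CBC mode as an added derivation that is not part of the CVE text; $n$, $q$, $E_K$, $P_i$ and $C_i$ are notation introduced here:

With an $n$-bit block cipher and $q$ ciphertext blocks observed under one key, the probability that two of them collide is, by the birthday bound,
$$P(\text{collision}) \approx 1 - \exp\!\left(-\frac{q(q-1)}{2^{n+1}}\right) \approx \frac{q^{2}}{2^{n+1}}.$$
For DES and Triple DES, $n = 64$. Taking $q = 2^{32} \approx 4.3 \times 10^{9}$ blocks gives
$$P \approx 1 - e^{-1/2} \approx 0.39,$$
and $2^{32}$ blocks of 8 bytes is $32\,\text{GiB}$ of ciphertext under a single key, which a long-lived HTTPS session or VPN tunnel reaches in practice.

A collision is useful because of how CBC chains blocks: $C_i = E_K(P_i \oplus C_{i-1})$. If $C_i = C_j$ for $i \neq j$, then $E_K(P_i \oplus C_{i-1}) = E_K(P_j \oplus C_{j-1})$, and since $E_K$ is a permutation the inputs are equal, so
$$P_i \oplus P_j = C_{i-1} \oplus C_{j-1}.$$
The right-hand side is ciphertext the attacker already has, so every collision leaks the XOR of two plaintext blocks; where one of them is known (fixed request structure) the other (a cookie or token) is recovered. With $n = 128$ (AES) the same bound needs $q \approx 2^{64}$ blocks, about $2^{68}$ bytes, which is why the attack is specific to 64-bit block ciphers.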

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 23 hours ago

Fediverse

VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
CVE-2016-2183

certvde.com/en/advisories/vde-

helmholz.csaf-tp.certvde.com/.

  • 1
  • 1
  • 0
  • 23h ago

Overview

  • Fortinet
  • FortiClientEMS

12 Mar 2024
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
94.13%

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

CISA just added CVE-2023-48788 to its Known Exploited Vulnerabilities catalog and is giving federal agencies until Friday to patch FortiClient EMS.

Read more: steelefortress.com/nuy028

  • 0
  • 1
  • 0
  • 6h ago

Overview

  • pac4j
  • pac4j-jwt

04 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%

KEV

Description

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

March 2026 exposed critical flaws in Pac4j (CVE-2026-29000), Ingress-NGINX, and Langflow enabling auth bypass and unauthenticated RCE. TeamPCP exploited GitHub Actions spreading backdoors in Trivy, Checkmarx, and PyPI. #SupplyChain #AIexploitation
  • 0
  • 1
  • 0
  • 23h ago