Overview

  • Adobe
  • Acrobat Reader

Published: 11 Apr 2026
Updated: 13 Apr 2026

CVSS v3.1: HIGH (8.6)
EPSS: 0.04%

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 22 Posts
  • 24 Interactions

Last activity: Last hour

Fediverse

Adobe Patches Actively Exploited Acrobat Reader Zero-Day CVE-2026-34621 — Exploited Since December 2025
#CyberSecurity
securebulletin.com/adobe-patch

  • 6
  • 1
  • 0
  • 13h ago

Geopolitical: US-Iran peace talks failed, raising Strait of Hormuz blockade threat and soaring oil prices (April 12-13).

Tech: Japan allocates $4B for Rapidus to accelerate 2nm AI chip production by 2027 (April 12). Harvard unveils "Cascade" AI for faster quantum error correction (April 12).

Cybersecurity: Adobe issued emergency patch for actively exploited Acrobat zero-day (CVE-2026-34621) (April 12). Iran-linked groups persist in targeting US industrial control systems (April 11-12).

#AnonNews_irc #Cybersecurity #Anonymous #News

  • 0
  • 0
  • 0
  • 15h ago

Adobe Acrobat Reader Critical Vulnerability CVE-2026-34621 affects
* Acrobat DC versions 26.001.21367 and earlier
* Acrobat Reader DC versions 26.001.21367 and earlier
* Acrobat 2024 versions 24.001.30356 and earlier
👇
thehackernews.com/2026/04/adob

  • 0
  • 0
  • 1
  • 13h ago

The patch is now available:

"*Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution.

 Adobe is aware of CVE-2026-34621 being exploited in the wild.*"
👇
helpx.adobe.com/security/produ

  • 0
  • 0
  • 0
  • 9h ago

Recent global developments include a major cybersecurity breach, ongoing geopolitical tensions, and critical advancements in AI. A hacker leveraged AI platforms (Claude Code, GPT-4.1) to compromise nine Mexican government agencies, exfiltrating millions of records (Apr 12). Rockstar Games faces a ransom threat from ShinyHunters following a supply-chain cyberattack (Apr 12). Adobe also issued an emergency patch for a critical Acrobat Reader zero-day (CVE-2026-34621) actively exploited since December (Apr 12). Geopolitically, US-Iran talks in Pakistan to end their six-week conflict concluded without agreement, impacting oil markets and the Strait of Hormuz (Apr 12-13). In technology, Anthropic has withheld its new AI model, "Claude Mythos Preview," due to its advanced capability in discovering software vulnerabilities, deeming it too risky for public release (Apr 12).

#Cybersecurity #TechNews #Geopolitics

  • 0
  • 0
  • 0
  • 7h ago

Adobe has released an emergency fix for a zero-day vulnerability (CVE-2026-34621) in Acrobat and Reader that allowed malicious PDFs to bypass sandbox restrictions and execute arbitrary code. The flaw, exploited since December, enabled attackers to read and steal local files, and was discovered by Haifei Li after a suspicious PDF sample was submitted for analysis.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 4h ago

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CVE-2012-1854 Visual Basic for Applications Insecure Library Loading

CVE-2020-9715 Adobe Acrobat Use-After-Free

CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted

CVE-2023-36424 Microsoft Windows Out-of-Bounds Read

CVE-2025-60710 Microsoft Windows Link Following

CVE-2026-21643 Fortinet SQL Injection

CVE-2026-34621 Adobe Acrobat Reader Prototype

cisa.gov/news-events/alerts/20

#cybersecurity #cisa #adobe #microsoft

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December.
  • 2
  • 8
  • 0
  • 5h ago
Adobe rushes fix for Acrobat/Reader zero-day (CVE-2026-34621) Malicious PDFs can bypass sandboxing, steal files, and run code just by being opened. No known workaround, update ASAP and avoid suspicious attachments. via @bleepingcomputer.com www.bleepingcomputer.com/news/securit...
  • 1
  • 3
  • 0
  • 3h ago
Adobe patches critical zero-day flaw CVE-2026-34621 in Acrobat and Acrobat Reader. The JavaScript prototype pollution vulnerability allows arbitrary code execution via crafted PDFs. #CVE202634621 #JavaScriptBug #USA
  • 0
  • 3
  • 0
  • 18h ago
[High alert] Adobe issues emergency fix for Acrobat/Reader zero-day vulnerability (CVE-2026-34621) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 22h ago
CVE-2026-34621: The Prototype Pollution Zero-Day That Weaponized Your PDF Reader + Video Introduction: In a concerning development for the cybersecurity community, a new zero-day vulnerability in Adobe Acrobat Reader, tracked as CVE-2026-34621, was found to be actively exploited in the wild before…
  • 0
  • 0
  • 0
  • 16h ago
[Exploited in the wild] Adobe Acrobat Reader remote code execution vulnerability (CVE-2026-34621) security risk advisory
  • 0
  • 0
  • 0
  • 11h ago
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) 📖 Read more: www.helpnetsecurity.com/2026/04/13/a... #cybersecurity #cybersecuritynews #PDF #0day @adobe.com
  • 0
  • 0
  • 0
  • 11h ago
Adobe Acrobat Zero-Day Under Active Attack: CVE-2026-34621 Prototype Pollution Exploit Exposed! + Video Introduction Prototype pollution is a subtle but dangerous JavaScript vulnerability that allows attackers to manipulate an object’s prototype, leading to arbitrary code execution or property…
  • 0
  • 0
  • 0
  • 10h ago
🛡️ With BaseFortify, you can map components like: cpe:2.3:a:adobe:acrobat_reader:26.001.21411:*:*:*:*:*:*:* and instantly identify exposure to CVE-2026-34621. Know what you run. Act faster. ✅ Free registration available basefortify.eu #BaseFortify #VulnerabilityManagement #SecurityTools
  • 0
  • 0
  • 0
  • 9h ago
🚨 Adobe has released an emergency patch for CVE-2026-34621 — a critical Acrobat Reader vulnerability actively exploited for months. A malicious PDF can lead to data theft or code execution. Read the full breakdown: basefortify.eu/posts/2026/0... #CyberSecurity #Adobe #ZeroDay #Infosec
  • 0
  • 0
  • 0
  • 9h ago
CVE-2026-34621 – Adobe has released a patch for the exploited zero-day! www.it-connect.fr/cve-2026-346...
  • 0
  • 0
  • 0
  • 5h ago
~Cybergcca~ CCCS issued 5 advisories, highlighting a critical Adobe Acrobat flaw actively exploited in the wild. - IOCs: CVE-2026-34621 - #CVE202634621 #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 5h ago
Adobe has released an emergency fix for an Acrobat Reader vulnerability (CVE-2026-34621) that was actually exploited. Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) #HelpNetSecurity (Apr 13) www.helpnetsecurity.com/2026/04/13/a...
  • 0
  • 0
  • 0
  • Last hour
~Cisa~ CISA added 7 actively exploited vulnerabilities to the KEV catalog, urging immediate patching. - IOCs: CVE-2026-21643, CVE-2026-34621, CVE-2025-60710 - #CISA #KEV #threatintel
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Lenovo
  • Dispatcher 3.0 Driver

Published: 11 Sep 2025
Updated: 22 Sep 2025

CVSS v4.0: HIGH (7.3)
EPSS: 0.01%

KEV

Description

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

[RSS] CVE-2025-8061: From User-land to Ring 0

https://sibouzitoun.tech/labs/cve-2025-8061/
  • 0
  • 1
  • 0
  • 6h ago

Bluesky

CVE-2025-8061: From User-land to Ring 0
  • 0
  • 0
  • 2
  • 13h ago
[RSS] CVE-2025-8061: From User-land to Ring 0 sibouzitoun.tech -> Original->
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • marimo-team
  • marimo

Published: 09 Apr 2026
Updated: 09 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 2.70%

KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 4 Posts

Last activity: 4 hours ago

Fediverse

A critical pre-authentication RCE vulnerability (CVE-2026-39987) in the Marimo Python notebook platform was exploited within 10 hours of its disclosure, allowing attackers to steal cloud credentials. The flaw affects the /terminal/ws endpoint, and users are advised to update to version 0.23.0 or later immediately.
cybersecuritynews.com/marimo-r

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

CVE-2026-39987: Marimo RCE exploited in hours after disclosure securityaffairs.com/190623/hacki...
  • 0
  • 0
  • 1
  • 16h ago
CVE-2026-39987: Critical Pre-Auth RCE in Marimo Notebooks – Patch Now or Get Rooted via WebSocket + Video Introduction: A newly disclosed critical vulnerability, CVE-2026-39987 (CVSS 9.3), is actively being exploited in the wild, allowing unauthenticated attackers to obtain a full interactive root…
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • The GNU C Library
  • glibc

Published: 16 May 2025
Updated: 26 Feb 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Statistics

  • 3 Posts
  • 16 Interactions

Last activity: 1 hour ago

Fediverse

We chose a vulnerability in glibc (CVE-2025-4802) to teach students registered in our binary exploitation training the importance of the libc, loader, dynamic linker, and the kernel in making the execution of a modern Linux binary possible.

Furthermore, it demonstrates how a small oversight in the static glibc code allowed arbitrary libraries to be loaded into privileged code. Do you know the crucial role of the auxiliary vector? Or the main differences between dynamically and statically compiled binaries?

Check out the blog post for a brief analysis of CVE-2025-4802.

allelesecurity.com/libc-vuln-a

  • 5
  • 9
  • 1
  • 4h ago

Bluesky

Check out the blog post for a brief analysis of CVE-2025-4802. allelesecurity.com/libc-vuln-an...
  • 1
  • 1
  • 0
  • 1h ago

Overview

  • moby
  • moby

Published: 31 Mar 2026
Updated: 02 Apr 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 10 hours ago

Fediverse

Aw jeez. Docker has had a badass authentication bug for a decade that gives away the whole farm.

hackingpassion.com/docker-auth

  • 1
  • 2
  • 0
  • 10h ago

Bluesky

One Megabyte to Root: How a Size Check Broke Docker’s Last Line of Defense - "We discovered an authorization bypass in Docker Engine (CVE-2026-34040, CVSS 8.8 High)."
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Relevanssi
  • Relevanssi Premium

Published: 13 May 2025
Updated: 08 Apr 2026

CVSS v3.1: HIGH (7.5)
EPSS: 21.97%

KEV

Description

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 9 hours ago

Fediverse

Security vulnerability in the WordPress plugin Relevanssi:

crowdsec.net/vulntracking-repo…

#WordPress, #Plugin

  • 1
  • 0
  • 0
  • 9h ago

🚨 CVE-2025-4396 is seeing a surge in exploitation attempts.

This SQL injection vulnerability in the WordPress Relevanssi plugin has attracted over 16,500 attacking IPs, mostly targeting small sites with limited security.

We break down the attack and how to defend against it 👇

crowdsec.net/vulntracking-repo

  • 0
  • 1
  • 1
  • 9h ago

Overview

  • axios
  • axios

Published: 10 Apr 2026
Updated: 13 Apr 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.24%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0.

Statistics

  • 3 Posts

Last activity: 6 hours ago

Fediverse

Critical security vulnerability in Axios: CRLF injection enables cloud credential theft

Axios CVE-2026-40175: How a header injection leads to cloud compromise

all-about-security.de/kritisch

#cve #CRLF #cloud #cloudsecurity

  • 0
  • 0
  • 1
  • 10h ago

"Critical Axios Vulnerability Allows Remote Code Execution"

At this point, people probably just point $AI_AGENT to a package.json file and let it rip instead of specific targets. Less actual work for hundreds of thousands more vulnerable hosts.

nvd.nist.gov/vuln/detail/CVE-2

#cybersecurity #security #axios #javascript #web #nodejs

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Fortinet
  • FortiClientEMS

Published: 04 Apr 2026
Updated: 07 Apr 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 25.26%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 11 hours ago

Fediverse

Fortinet Issues Emergency Patch for Actively Exploited FortiClient EMS Zero-Day CVE-2026-35616
#CyberSecurity
securebulletin.com/fortinet-is

  • 4
  • 0
  • 0
  • 11h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 11 hours ago

Fediverse

The pentest professionals at identified a vulnerability in during a cloud that allows the circumvention of conditional access policies for privileged identities.

Two additional vulnerabilities were identified during a web application pentest of Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

All were reported to the vendors as part of our Responsible Disclosure policy.

🔎 You can find detailed information on the here: usd.de/en/security-advisories-

  • 2
  • 2
  • 0
  • 11h ago

Overview

  • Apache Software Foundation
  • Apache Storm Client
  • org.apache.storm:storm-client

Published: 13 Apr 2026
Updated: 13 Apr 2026

CVSS: Pending
EPSS: 0.30%

KEV

Description

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in both the Nimbus and Worker JVMs. Mitigation: 2.x users should upgrade to 2.8.6. Users who cannot upgrade immediately should monkey-patch an ObjectInputFilter allow-list to ClientAuthUtils.deserializeKerberosTicket() restricting deserialized classes to javax.security.auth.kerberos.KerberosTicket and its known dependencies. A guide on how to do this is available in the release notes of 2.8.6. Credit: This issue was discovered by K.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

🔒 CRITICAL: CVE-2026-35337 in Apache Storm Client (<2.8.6) allows authenticated users to achieve RCE via unsafe deserialization in Nimbus/Worker JVMs. Upgrade to 2.8.6 or restrict deserialization classes now! Details: radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 11h ago