Trending CVEs

Vulnerability: An insufficient granularity of access control vulnerability in Microsoft Defender allows an authorized attacker to elevate privileges locally. The flaw, with a CVSS score of 7.8, affects Microsoft Defender systems.

Trending: CVE-2026-33825 is trending due to active exploitation in the wild, with confirmed exploit code and proof-of-concept publicly available. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, and security researchers have released PoC exploits following the patch released on April 14.

Vulnerability: Apache ActiveMQ Broker contains an improper input validation and code injection vulnerability in the Jolokia JMX-HTTP bridge that allows authenticated attackers to execute arbitrary code on the broker's JVM by invoking crafted discovery URIs that trigger remote Spring XML application context loading. The vulnerability affects Apache ActiveMQ versions before 5.19.4 and 6.0.0 before 6.2.3.

Trending: CVE-2026-34197 is receiving significant attention with 32 interactions on social media over the last 7 days due to active exploitation in the wild, CISA's addition to its Known Exploited Vulnerabilities catalog, and reports indicating thousands of unpatched Apache ActiveMQ instances remain exposed to the internet despite the vulnerability being discovered weeks ago. The discovery of the flaw using AI tools and the presence of confirmed exploit code in multiple sources has elevated concern about widespread attack campaigns against vulnerable brokers.

Vulnerability: A logging issue in iOS and iPadOS allows notifications marked for deletion to be unexpectedly retained on the device, potentially enabling recovery of deleted messages. This affects iOS 18.7.8, iPadOS 18.7.8, iOS 26.4.2, and iPadOS 26.4.2.

Trending: The vulnerability is receiving significant attention due to reports that it was exploited by law enforcement (FBI) to recover deleted Signal messages from iPhones, prompting Apple to issue expedited security patches across multiple iOS versions.

Vulnerability: A command injection vulnerability in D-Link DIR-823X routers (firmware versions 240126 and 240802) allows authorized attackers to execute arbitrary commands on affected devices through malicious POST requests to the /goform/set_prohibiting endpoint.

Trending: A new Mirai-based malware campaign is actively exploiting this vulnerability to compromise end-of-life D-Link routers and recruit them into a botnet for DDoS operations. The vulnerability is trending due to confirmed exploit code in the wild, active attacks targeting legacy network infrastructure, and widespread coverage across security news outlets and social media platforms.

Vulnerability: CVE-2026-39987 is a pre-authentication remote code execution vulnerability in Marimo, an open-source reactive Python notebook platform. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing unauthenticated attackers to obtain a full PTY shell and execute arbitrary system commands on affected systems running versions prior to 0.23.0.

Trending: This vulnerability is trending due to active exploitation in the wild, with attackers weaponizing the flaw within 10 hours of public disclosure. CISA has added it to its Known Exploited Vulnerabilities Catalog, and security researchers have documented credential theft occurring in under three minutes on honeypot servers, with evidence of malware distribution campaigns leveraging the vulnerability.

Vulnerability: A double free vulnerability in Windows IKE Extension (ikeext.dll) allows an unauthorized attacker to execute code over a network through improper ownership handling of a heap-allocated blob pointer during IKEv2 fragment reassembly. The vulnerability affects Windows systems including Windows 10 1607 and impacts VPN and edge systems that rely on IKE for secure communications.

Trending: CVE-2026-33824 is trending due to active exploitation in the wild, with a critical CVSS score of 9.8 and immediate patch-now recommendations from security researchers. The vulnerability received significant attention during Microsoft's April 2026 Patch Tuesday cycle where it was highlighted alongside other actively exploited zero-days, with security analysts emphasizing the need to restrict IKE traffic through firewall rules and IP-based access controls.

Vulnerability: Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. The vulnerability affects Microsoft ASP.NET Core and the Microsoft.AspNetCore.DataProtection NuGet package in versions 10.0.0 through 10.0.6.

Trending: CVE-2026-40372 is trending due to Microsoft releasing an out-of-band critical security patch after the vulnerability was inadvertently introduced as a regression in the Data Protection Library. The issue has generated significant social media engagement with 42 interactions in the past week, and security researchers are highlighting that patching alone is insufficient as affected applications will need to be rebuilt and existing tokens and cookies expired.

Vulnerability: Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Trending: CVE-2026-32201 is trending due to active exploitation in the wild, with over 1,370 exposed Microsoft SharePoint servers identified online and confirmed exploit code available in CISA and VulnCheck databases. The vulnerability was highlighted in Microsoft's April Patch Tuesday as one of the critical issues currently under active exploit, generating significant social media discussion and security alerts.

Vulnerability: CVE-2026-33318 affects Actual, a local-first personal finance tool prior to version 26.4.0. Any authenticated user with a BASIC role can escalate privileges to ADMIN on servers migrated from password authentication to OpenID Connect through a chain of three weaknesses: an missing authorization check on the password change endpoint, an orphaned password authentication row persisting after migration, and a client-controlled login method parameter that bypasses server authentication configuration.

Trending: The vulnerability is receiving attention across infosec communities on Bluesky and Mastodon, with security researchers flagging it as a high-severity issue (CVSS 8.8) requiring immediate patching to version 26.4.0 or later.

Vulnerability: CVE-2024-32114 is an authentication bypass vulnerability in Apache ActiveMQ 6.x where the default configuration leaves the Jolokia JMX REST API and Message REST API unsecured, allowing unauthenticated access to interact with the broker and perform operations like producing/consuming messages or purging destinations.

Trending: The vulnerability is trending due to confirmed exploit code existing in the wild according to VulnCheck KEV, with active exploitation campaigns reported against Apache ActiveMQ systems. The discovery has gained additional attention following reports that AI tools like Claude can rapidly weaponize related ActiveMQ vulnerabilities, demonstrating the ease with which attackers can develop exploits for these flaws.

Vulnerability: An OS command injection vulnerability in Fortinet FortiSandbox versions 4.4.0 through 4.4.8 allows unauthenticated attackers to execute unauthorized code or commands via improperly neutralized special elements in OS commands, typically through manipulated HTTP requests.

Trending: CVE-2026-39808 is trending due to confirmed exploit code availability in public tools like Nuclei, active discussion across security platforms, and its critical CVSS score of 9.1, with security advisories highlighting the risk of remote code execution and complete system compromise for unauthenticated attackers.

Vulnerability: CVE-2026-34621 is a prototype pollution vulnerability affecting Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier that could result in arbitrary code execution when a user opens a malicious PDF file.

Trending: The vulnerability is trending due to active exploitation in the wild since December 2025, with confirmed exploit code publicly available. Adobe released an emergency security update as part of April 2026 Patch Tuesday, and security researchers and government agencies (CISA, VulnCheck) have documented active attacks targeting users.

Vulnerability: CVE-2026-33626 is a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy versions prior to 0.12.3, affecting the vision-language module's load_image() function. The flaw allows attackers to fetch arbitrary URLs without validation of internal or private IP addresses, enabling access to cloud metadata services and internal network resources.

Trending: The vulnerability is trending due to confirmed active exploitation in the wild, with attackers documented accessing AWS IMDS and scanning local services within 12 hours of discovery. Exploit code has been verified and publicly referenced in vulnerability tracking sources like VulnCheck KEV.

Vulnerability: OP-TEE versions 3.13.0 through 4.10.0 contain missing bounds checks in the PKCS#11 TA function entry_get_attribute_value() that can lead to out-of-bounds reads from the heap and buffer overflows. The vulnerability allows attackers to read up to 7 bytes beyond buffer boundaries and write attribute values beyond the intended template buffer when supplying a malformed template parameter.

Trending: This vulnerability is gaining attention across security communities on social media platforms, with multiple cybersecurity accounts sharing the disclosure due to its high severity rating of 8.7 and relevance to Arm TrustZone-based systems used in numerous embedded and mobile devices.

Vulnerability: The Breeze Cache plugin for WordPress versions up to 2.4.4 is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function. Unauthenticated attackers can upload arbitrary files to the server, potentially enabling remote code execution, though exploitation requires the "Host Files Locally - Gravatars" feature to be enabled (disabled by default).

Trending: CVE-2026-3844 is trending due to active exploitation in the wild, with a critical CVSS score of 9.8. Multiple security researchers and organizations are alerting WordPress administrators to update immediately and review their plugin settings, particularly the Gravatar caching feature configuration.

Vulnerability: An authentication bypass vulnerability in Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows remote attackers to access restricted resources by bypassing control checks.

Trending: CVE-2023-46805 is actively exploited in the wild against Ivanti Connect Secure and Policy Secure gateways. Security researchers and government agencies including CISA have reported that threat actors, including China-linked groups, are rapidly exploiting this vulnerability often in combination with CVE-2024-21887 to achieve unauthenticated remote code execution and full VPN appliance compromise, posing significant risk to enterprise networks.

Vulnerability: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Trending: CVE-2024-21887 is trending because it can be chained with the unauthenticated CVE-2023-46805 to achieve full unauthenticated remote code execution and complete VPN appliance compromise, creating critical enterprise perimeter risk. The vulnerability is actively exploited in the wild, with multiple security researchers and CISA highlighting the threat as part of broader state-sponsored attacks targeting critical infrastructure globally.

Vulnerability: ThrottleStop.sys, a legitimate driver, contains insecure IOCTL interfaces that allow arbitrary read and write access to physical memory, enabling local attackers to patch the Windows kernel and execute arbitrary code with ring-0 privileges. Version 3.0.0.0 and possibly other versions are affected.

Trending: CVE-2025-7771 is trending due to confirmed active exploit code being publicly available on ExploitDB, GitHub, and tracked in security databases like VulnCheck KEV, with multiple proof-of-concept implementations documented and tested on Windows 11.

Vulnerability: A missing authorization vulnerability exists in Ronald Huereca's Highlight and Share WordPress plugin versions through 5.2.0, which allows exploitation of incorrectly configured access control security levels.

Trending: The vulnerability is trending due to confirmed public exploit code being available on Exploit DB, with multiple social media sources reporting active exploitation potential in the wild.

Vulnerability: CVE-2026-40308 affects My Calendar, a WordPress plugin for managing calendar events, in versions 3.7.6 and below. An unauthenticated attacker can exploit an unvalidated AJAX endpoint to inject arbitrary parameters, enabling information disclosure on WordPress Multisite installations (extracting private calendar events from any sub-site) or causing denial of service on single-site installations.

Trending: The vulnerability is trending due to confirmed exploit code being available in public exploit databases like Nuclei, making it actively exploitable in the wild. Multiple security sources have reported on this vulnerability following its recent publication.

Vulnerability: ERB is a templating system for Ruby that contains a code execution vulnerability in versions before 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4. An attacker who can trigger Marshal.load on untrusted data can exploit the ERB#def_module, ERB#def_class, and ERB#def_method functions to execute arbitrary code, bypassing existing @_init protection mechanisms.

Trending: The vulnerability is receiving attention from security researchers and publications due to its high severity rating (8.1) and the fact that it affects Ruby's standard library, making it relevant to a broad range of Ruby applications that deserialize untrusted ERB objects.

Vulnerability: Open Source Social Network (OSSN) versions prior to 9.0 are vulnerable to resource exhaustion through specially crafted images with extreme pixel dimensions. An attacker can upload a file that appears small in compressed size but triggers significant memory and CPU allocation during decompression and resizing, leading to Denial of Service conditions on affected servers.

Trending: The vulnerability is gaining attention across infosec communities on Bluesky and Mastodon, with security news outlets flagging it as a high-severity issue (CVSS 8.2) and recommending immediate upgrades to version 9.0 or implementation of mitigation controls.

Vulnerability: OpenClaw before version 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows remote attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection by manipulating browser proxy profiles.

Trending: The vulnerability is gaining attention in security communities across Mastodon and threat intelligence channels, with multiple security researchers and threat intelligence platforms sharing alerts about the high-severity CVE (CVSS 8.1) and its implications for OpenClaw users.

Vulnerability: OpenClaw before 2026.3.31 contains a remote code execution vulnerability where device-paired nodes can bypass node scope gate authentication, allowing attackers with device pairing credentials to execute arbitrary node commands on the host system without proper validation.

Trending: The vulnerability is receiving attention from security researchers and threat intelligence communities on social media platforms, with cybersecurity organizations including RedPacketSecurity and TheHackerWire publishing alerts and detailed information about the high-severity flaw.

Vulnerability: OpenClaw before version 2026.3.31 contains an arbitrary code execution vulnerability where workspace .env files can override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, allowing attackers to load malicious hook code and execute arbitrary code by replacing trusted bundled hooks from untrusted workspaces.

Trending: The vulnerability is gaining attention in the security community through threat intelligence channels and cybersecurity news outlets, with multiple security organizations sharing alerts and analysis about the flaw.

Vulnerability: An uncontrolled search path element vulnerability in Microsoft Power Apps allows unauthorized attackers to execute code over a network. The vulnerability affects Microsoft Power Apps systems.

Trending: The vulnerability is gaining attention across security communities on social media platforms like Mastodon, with cybersecurity researchers and threat intelligence accounts actively sharing alerts and information about the high-severity flaw (CVSS 8).

Vulnerability: A server-side request forgery (SSRF) vulnerability in Microsoft Purview allows unauthorized attackers to elevate privileges over a network. The vulnerability affects Microsoft Purview eDiscovery functionality.

Trending: The vulnerability is gaining attention on security-focused social media platforms with a CVSS score of 8.6 (HIGH), with cybersecurity researchers and threat intelligence accounts sharing CVE alerts and analysis across Bluesky and Mastodon.

Vulnerability: KTransformers through version 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces without authentication and deserializes incoming messages using pickle.loads() without validation, allowing attackers to execute arbitrary code with the privileges of the ktransformers process.

Trending: The vulnerability is receiving attention across security communities on platforms like Bluesky and Mastodon due to its critical CVSS score of 9.8 and the severity of the threat it poses, with security researchers and news outlets actively discussing the arbitrary code execution risk exposed through the unauthenticated ZMQ socket.

Vulnerability: The HTTP Headers plugin for WordPress (versions up to 1.19.2) is vulnerable to CRLF Injection due to insufficient sanitization of custom header name and value fields. Authenticated administrators can inject arbitrary newline characters and Apache directives into the .htaccess file, potentially causing Apache configuration errors and site-wide denial of service.

Trending: The vulnerability is being discussed across security-focused social media platforms, with mentions highlighting its CVSS Score of 5.5 and relevance to WordPress security communities concerned with plugin vulnerabilities and site protection.

Vulnerability: PackageKit versions 1.0.2 through 1.3.4 contains a time-of-check time-of-use (TOCTOU) race condition in transaction flag handling that allows unprivileged local users to install arbitrary RPM packages as root and execute RPM scriptlets without authentication, resulting in local privilege escalation. The vulnerability is fixed in version 1.3.5.

Trending: The vulnerability is trending due to recent social media mentions highlighting it as a local root exploit, with security researchers sharing information about the flaw across platforms like Bluesky and references to security news sources like Openwall.

Vulnerability: CVE-2026-33032 is a critical authentication bypass vulnerability in nginx-ui versions 2.3.5 and prior that exposes the /mcp_message endpoint without authentication requirements, allowing unauthenticated attackers to invoke all MCP tools including restarting nginx, modifying configuration files, and achieving complete nginx service takeover.

Trending: The vulnerability is trending due to active exploitation in the wild, with confirmed exploit code available in public repositories (nuclei, VulnCheck KEV), approximately 2,600 affected nginx-ui instances identified, and patches available since March 2026 but not yet widely deployed, prompting urgent security warnings and patching advisories from researchers globally.

Vulnerability: CVE-2025-20362 is an authentication bypass vulnerability in the VPN web server of Cisco Secure Firewall ASA and FTD Software that allows unauthenticated remote attackers to access restricted remote access VPN URL endpoints through improper input validation in HTTP(S) requests. A subsequent attack variant discovered in November 2025 exploits this vulnerability along with CVE-2025-20333 to cause denial of service conditions on unpatched devices.

Trending: This vulnerability is trending due to active exploitation in the wild, with CISA reporting that a U.S. government agency was breached in September 2025 through exploitation of this flaw, leading to infection with the FIRESTARTER backdoor malware that enabled persistent remote access. Security researchers have confirmed that CVE-2025-20362 is being actively exploited, prompting urgent advisories and recommendations for immediate patching.

Vulnerability: A vulnerability in the VPN web server of Cisco Secure Firewall ASA and FTD software allows authenticated remote attackers to execute arbitrary code as root due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN credentials can exploit this by sending crafted HTTP requests to compromise an affected device.

Trending: CVE-2025-20333 is trending because it is actively being exploited in the wild, with CISA documenting real-world attacks using the FIRESTARTER backdoor malware. A U.S. government agency was breached through this vulnerability in September 2025, making it a high-profile incident with significant security implications for critical infrastructure.

Vulnerability: MajorDoMo (Major Domestic Module) is vulnerable to unauthenticated remote code execution through its admin panel's PHP console feature. An include order bug in modules/panel.class.php allows unauthenticated requests to reach the ajax handler, which passes user-supplied GET parameters directly to eval() without authentication checks, enabling arbitrary PHP code execution.

Trending: CVE-2026-27174 is trending due to confirmed exploit code availability in Metasploit modules and other security tools, combined with an EPSS score exceeding 40%, indicating high exploitation potential and active interest from the security community.

Vulnerability: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress (versions up to 1.3.9.6) is vulnerable to arbitrary file upload due to insufficient file type validation when custom blacklist types are configured and improper handling of non-ASCII characters in filenames, allowing unauthenticated attackers to upload malicious files such as PHP and achieve remote code execution.

Trending: CVE-2026-5718 is trending due to confirmed exploit code being publicly available according to VulnCheck KEV, indicating active exploitation potential in the wild.

Vulnerability: CVE-2026-35029 affects LiteLLM proxy server versions prior to 1.83.0, where the /config/update endpoint lacks proper admin role authorization. An authenticated user can exploit this to modify proxy configuration, execute arbitrary Python code, read server files, and take over privileged accounts.

Trending: The vulnerability is trending due to confirmed exploit code availability in Nuclei, indicating active exploitation tools are in the wild.

Vulnerability: An Insertion of Sensitive Information Into Sent Data vulnerability exists in AI ChatBot with ChatGPT and Content Generator by AYS (ays-chatgpt-assistant) versions through 2.6.6, which allows retrieval of embedded sensitive data.

Trending: CVE-2025-62039 is trending due to confirmed exploit code being available in public repositories such as nuclei, indicating active exploitation tools are circulating in the wild.

Vulnerability: The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 3.9.0 via the file parameter. Unauthenticated attackers can exploit this vulnerability to read arbitrary files on the server, potentially exposing sensitive information.

Trending: CVE-2025-13801 is trending due to confirmed exploit code being publicly available in nuclei, indicating active exploitation is possible and likely occurring in the wild.

Vulnerability: CVE-2025-1361 is a Regular Information Exposure vulnerability in the IP2Location Country Blocker WordPress plugin (versions up to 2.38.8) that allows unauthenticated attackers to view the plugin's settings due to missing capability checks on the admin_init() function.

Trending: The vulnerability is gaining attention because confirmed exploit code has been identified in Nuclei, an open-source vulnerability scanning tool, making it actively exploitable.

Vulnerability: CVE-2024-32825 is an insertion of sensitive information into sent data vulnerability affecting Simply Static WordPress plugin versions up to and including 3.1.3.

Trending: The vulnerability is trending due to confirmed exploit code being available in nuclei, indicating active exploitation potential in the wild.

Vulnerability: An unauthenticated arbitrary file read vulnerability exists in Avid NEXIS E-series, F-series, and PRO+, as well as System Director Appliance (SDA+) before version 2025.5.1. The vulnerability stems from insufficient path validation in the filename parameter, allowing attackers to read arbitrary files with root/SYSTEM privileges.

Trending: CVE-2024-26291 is trending due to confirmed exploit code availability in public repositories like nuclei, indicating active technical capability for exploitation.

Vulnerability: A Cross Site Scripting (XSS) vulnerability exists in the func parameter of eyoucms v.1.6.5, allowing remote attackers to execute arbitrary code through a crafted URL.

Trending: CVE-2024-22927 is trending due to confirmed exploit code being available in public vulnerability databases including Nuclei and VulnCheck KEV, indicating active exploitation potential.

Vulnerability: An open redirect vulnerability exists in Flask-Security-Too version 5.3.2 and earlier that allows attackers to redirect users to malicious sites by abusing the ?next parameter on the /login and /register routes.

Trending: CVE-2023-49438 is trending due to confirmed exploit code being publicly available on GitHub and in Nuclei templates, indicating active exploitation potential.

Vulnerability: Home Assistant before version 2021.1.3 lacks protection against directory-traversal attacks in custom integrations, allowing potential unauthorized file access. The vulnerability exists primarily in third-party custom integrations, though Home Assistant released a security update to help address the issue.

Trending: CVE-2021-3152 is trending due to confirmed exploit code being available in public repositories like Nuclei, indicating active exploitation potential in the wild.

Vulnerability: Rclone versions 1.48.0 through 1.73.4 contain an unauthenticated remote code execution vulnerability in the RC endpoint operations/fsinfo, which accepts attacker-controlled backend definitions and executes commands during WebDAV backend initialization without requiring authentication.

Trending: The vulnerability is trending due to confirmed exploit code availability in nuclei, indicating active exploitation tools are in circulation for this unauthenticated RCE flaw affecting publicly exposed Rclone RC deployments.

Vulnerability: Rclone versions 1.45.0 through 1.73.4 contain an authentication bypass vulnerability in the RC endpoint options/set, which is exposed without proper authorization checks and allows unauthenticated attackers to disable the authorization gate for administrative RC methods by setting rc.NoAuth=true, potentially leading to unauthorized access to sensitive configuration and operational functionality.

Trending: This vulnerability is trending due to confirmed exploit code being publicly available in nuclei, indicating active exploitation potential in the wild.

Vulnerability: A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally. The flaw affects Microsoft Office products and was addressed in Microsoft's April 2026 Patch Tuesday release.

Trending: CVE-2026-32190 is receiving attention as part of Microsoft's April 2026 security update, which addressed 163-164 vulnerabilities including multiple critical issues. The vulnerability is being tracked alongside other actively exploited Microsoft flaws from the same patch cycle, contributing to broader awareness of the month's significant security landscape.

Vulnerability: A use-after-free vulnerability in Dawn (WebGPU component) in Google Chrome prior to version 146.0.7680.178 allows a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page. The vulnerability affects Google Chrome and other Chromium-based browsers including Microsoft Edge.

Trending: CVE-2026-5281 is trending due to CISA issuing an urgent warning about active exploitation in the wild, with multiple security sources confirming ongoing attacks against Chrome users. The vulnerability is notable as Google's fourth zero-day of 2026 and coincides with a broader month of significant security updates from major vendors including Microsoft's record-breaking April Patch Tuesday.

Vulnerability: An unrestricted file upload vulnerability in ShowDoc versions before 2.8.7 caused by improper validation of file extensions allows attackers to upload and execute arbitrary PHP code, leading to remote code execution and full server compromise.

Trending: This vulnerability is trending because attackers are actively exploiting CVE-2025-0520 in the wild against unpatched ShowDoc servers globally, deploying web shells for server takeovers despite the flaw being patched in 2020, with widespread security alerts and coverage across cybersecurity news outlets and social media platforms.

Vulnerability: An SQL injection vulnerability in Fortinet FortiClientEMS 7.4.4 allows unauthenticated attackers to execute unauthorized code or commands through specially crafted HTTP requests.

Trending: This vulnerability is trending due to active exploitation in the wild, with CISA adding it to its Known Exploited Vulnerabilities catalog on April 13, 2026, and confirmed exploit code available in public databases including CISA KEV, Nuclei, and VulnCheck KEV.