Tag: cve-2026-21262

soc

CVE-2026-40372: Critical ASP.NET Core Flaw May Let Attackers Gain SYSTEM Privileges

Microsoft has released out-of-band updates for CVE-2026-40372, a high-impact ASP.NET Core privilege-escalation vulnerability tied to the platform’s Data Protection cryptographic APIs. Public reporting says the flaw carries a CVSS score of 9.1 and could allow an unauthenticated attacker to forge authentication material and ultimately obtain SYSTEM privileges on affected systems. The issue stands out not […]

Mehr lesen →
soc

CVE-2026-38526 in Krayin CRM Enables RCE

CVE-2026-38526 in Krayin CRM Enables RCE CVE-2026-38526 is a critical authenticated remote code execution (RCE) vulnerability affecting Webkul Krayin CRM / Krayin Laravel CRM v2.2.x. The issue is in the admin-side TinyMCE media upload feature and allows a logged-in user to upload a server-executable file, such as PHP, and then execute it via a normal […]

Mehr lesen →
soc

CVE-2026-34486: Apache Tomcat Tribes Regression Creates Unauthenticated RCE Path

CVE-2026-34486: Apache Tomcat Tribes Regression Creates Unauthenticated RCE Path Apache Tomcat users running Tribes clustering should pay attention to CVE-2026-34486, an important-severity regression that can turn an exposed cluster receiver into an unauthenticated remote code execution (RCE) opportunity. The flaw was introduced by a prior security fix for CVE-2026-29146, where a small control-flow change caused […]

Mehr lesen →
soc

CVE-2026-35616: FortiClient EMS API Auth Bypass Enables Command Execution

CVE-2026-35616: FortiClient EMS API Auth Bypass Enables Command Execution Fortinet disclosed a critical vulnerability in Fortinet FortiClient EMS (Enterprise Management Server) tracked as CVE-2026-35616. Fortinet also says it has observed in-the-wild exploitation and released out-of-band hotfix guidance for affected builds. This post breaks down what CVE-2026-35616 is, who is affected, and what defenders should do […]

Mehr lesen →
security

CVE-2026-20643: Vulnerability in WebKit Navigation API May Bypass Same Origin Policy

Just a little over a month after fixing the actively exploited CVE-2026-20700 zero-day, Apple has now issued its first Background Security Improvements release to address CVE-2026-20643, a WebKit vulnerability that could allow maliciously crafted web content to bypass the Same Origin Policy, one of the browser’s core security boundaries. The issue in the limelight adds […]

Mehr lesen →