Activity

Latest CVE events and analysis as they emerge

  1. CVE-2026-34197

    16 Apr 2026, 00:00

    Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Classic

    Added to CISA KEV catalog

    Vulnerability name
    Apache ActiveMQ Improper Input Validation Vulnerability
    Product
    Apache ActiveMQ

    CVE-2026-34197 is an improper input validation and code injection vulnerability affecting Apache ActiveMQ Classic. This flaw resides in the Jolokia JMX-HTTP bridge, exposed on the web console, which by default permits `exec` operations on ActiveMQ MBeans, including `BrokerService.addNetworkConnector(String)` and `BrokerService.addConnector(String)`. An authenticated attacker can exploit this by invoking these operations with a specially crafted discovery URI. This URI triggers the VM transport's `brokerConfig` parameter to load a remote Spring XML application context, which then instantiates singleton beans and executes arbitrary code on the broker's Java Virtual Machine (JVM) through methods like `Runtime.exec()`. While exploitation typically requires authentication, certain versions of Apache ActiveMQ Classic (6.0.0 through 6.1.1) are also affected by CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In these specific versions, CVE-2026-34197 can be exploited without credentials, effectively becoming an unauthenticated remote code execution vulnerability. This vulnerability has been present in the codebase for approximately 13 years and affects Apache ActiveMQ Broker versions before 5.19.4 and from 6.0.0 before 6.2.3.

  2. CVE-2009-0238

    14 Apr 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    Microsoft Office Remote Code Execution
    Product
    Microsoft Office

    Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

  3. CVE-2026-34621

    13 Apr 2026, 00:00

    Acrobat Reader, Zero-day

    Added to CISA KEV catalog

    Vulnerability name
    Adobe Acrobat and Reader Prototype Pollution Vulnerability
    Product
    Adobe Acrobat and Reader

    CVE-2026-34621 is a 'Prototype Pollution' vulnerability affecting Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier, including Acrobat DC and Acrobat 2024. This flaw, categorized as an Improperly Controlled Modification of Object Prototype Attributes, could enable arbitrary code execution within the context of the current user. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, unauthorized data modifications, and disruption of system operations. Exploitation of CVE-2026-34621 requires user interaction, specifically that a victim opens a malicious file. Reports indicate that this vulnerability has been actively exploited in the wild since at least December 2025, with some sources noting that no user interaction beyond simply opening a malicious PDF document is necessary for an attack to succeed. Adobe has released emergency updates to address this issue.

  4. CVE-2026-21643

    13 Apr 2026, 00:00

    HTTP, Firmware, SQL injection, Server, IoT, Database, Supply chain, Zero-day

    Added to CISA KEV catalog

    Vulnerability name
    Fortinet SQL Injection Vulnerability
    Product
    Fortinet FortiClient EMS

    An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

  5. CVE-2025-60710

    13 Apr 2026, 00:00

    Server, Windows Tasks, IoT, Zero-day

    Added to CISA KEV catalog

    Vulnerability name
    Microsoft Windows Link Following Vulnerability
    Product
    Microsoft Windows

    CVE-2025-60710 is an elevation-of-privilege vulnerability affecting the Host Process for Windows Tasks. The vulnerability stems from improper link resolution before file access, also known as a "link following" issue. An authorized attacker with local access could exploit this vulnerability to gain elevated privileges. Specifically, a low-privileged user could manipulate file system reparse points (like symbolic links) to cause the Host Process for Windows Tasks to operate on attacker-controlled file system targets, potentially achieving SYSTEM-level effects. A patch has been released by Microsoft for Windows 11 versions 2H2 and 25H2.