Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Alert TWCERTCC-200-202604-00000013
【CVE-2026-35616】Fortinet FortiClient EMS Improper Access Control Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 An improper access control vulnerability exists in Fortinet FortiClient EMS, which may allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted requests.
【CVE-2026-1340】Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 A code injection vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM), which may allow an attacker to achieve remote code execution without authentication.
【CVE-2012-1854】Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 An insecure library loading vulnerability exists in Microsoft Visual Basic for Applications (VBA), which may allow remote code execution.
【CVE-2025-60710】Microsoft Windows Link Following Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 A link following vulnerability exists in Microsoft Windows, which may lead to privilege escalation.
【CVE-2023-21529】Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
【Ransomware Exploitation: Unknown】 A deserialization of untrusted data vulnerability exists in Microsoft Exchange Server, which may allow an authenticated attacker to execute remote code.
【CVE-2023-36424】Microsoft Windows Out-of-Bounds Read Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 An out-of-bounds read vulnerability exists in the Microsoft Windows Common Log File System driver, which may allow threat actors to perform privilege escalation.
【CVE-2020-9715】Adobe Acrobat Use-After-Free Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 A use-after-free vulnerability exists in Adobe Acrobat, which may allow code execution.
【CVE-2026-21643】Fortinet SQL Injection Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 An SQL injection vulnerability exists in Fortinet FortiClient EMS, which may allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted HTTP requests.
【CVE-2026-34621】Adobe Acrobat and Reader Prototype Pollution Vulnerability (CVSS v3.1: 8.6)
【Ransomware Exploitation: Unknown】 A prototype pollution vulnerability exists in Adobe Acrobat and Reader, which may allow arbitrary code execution.