CVE CyberSecurity Database News

Apr 4, 2026 RCE API API Security

CVE-2026-35616 - Breaking Down the Fortinet FortiClientEMS Improper Access Control Vulnerability (7.4.5 - 7.4.6)

Fortinet is a trusted name in the world of cybersecurity. Its FortiClientEMS product is often the backbone of endpoint management for thousands of organizations worldwide.

Apr 2, 2026 Exploit

CVE-2026-35414 - Exploiting OpenSSH’s authorized_keys Principals Mishandling

CVE-2026-35414 is a newly disclosed vulnerability affecting OpenSSH versions prior to 10.3. This flaw opens the door to unexpected access due to the way

Apr 2, 2026

CVE-2026-35385 - OpenSSH SCP Protocol Setuid/Setgid File Installation Flaw (Exclusive Exploit Breakdown)

A quietly dangerous flaw exists in versions of OpenSSH before 10.3, where a file downloaded over SCP as root with -O (Old protocol) and

Apr 1, 2026 Google Chrome

CVE-2026-5281 - Understanding the “Use After Free” Vulnerability in Dawn on Google Chrome (Before 146..768.178)

Recently, a critical vulnerability known as CVE-2026-5281 was discovered in the graphics engine Dawn as used within Google Chrome. Affecting Chrome versions prior to 146.

Mar 27, 2026 Java

CVE-2026-33871 - Denial of Service in Netty HTTP/2 via CONTINUATION Frame Flood

CVE-2026-33871 uncovers a serious denial of service (DoS) vulnerability in Netty, one of the most widely used asynchronous network application frameworks for Java. Found in