Skip to main content
CVE-2026-35616 CRITICAL POC KEV THREAT NEWS Emergency

Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV).

Fortinet Authentication Bypass
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2016-20052 CRITICAL POC Act Now

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25254 CRITICAL POC Act Now

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Nico Ftp
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-35459 CRITICAL GHSA Act Now

Server-Side Request Forgery (SSRF) in pyload-ng allows authenticated users with ADD permission to access internal network resources and cloud metadata endpoints by exploiting unchecked HTTP redirect handling. The vulnerability bypasses CVE-2026-33992 mitigations through redirect chains-pycurl follows up to 10 redirects automatically without validating destination IPs against the SSRF filter. Attackers can retrieve AWS/GCP/Azure instance metadata (including IAM credentials) and probe internal services. While exploitation requires authentication (reducing severity from the Critical unauthenticated CVE-2026-33992), a public proof-of-concept demonstrates the attack and no vendor-released patch has been identified at time of analysis.

SSRF Microsoft
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy