Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 CVSS score: 9.1, has been described as a pre-authentication API access bypass leading to privilege escalation...

CVE-2025-4379

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

CVE-2025-4379

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

CVE-2025-4379

DobryCMS prior to 3.x (versions 2.* and lower) is affected by a Reflected XSS in the szukaj parameter. The root cause is improper input validation, allowing arbitrary JavaScript to execute in a victim’s browser when a specially crafted URL is opened. A hotfix addressing affected versions was rele...

CVE-2025-4379 Reflected XSS in DobryCMS

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

XenServer and Citrix Hypervisor Security Update for CVE-2024-28956

Description of Problem Intel has disclosed a security issue affecting Intel CPUs. This CPU hardware issue may allow privileged code in a guest VM to infer some memory content of another VM that is running on the same CPU core. Although this is not a vulnerability in the XenServer or Citrix...

Vulnerability fixed in Solarwinds Web Helpdesk

Solarwinds has fixed a vulnerability in Web Helpdesk. An unauthenticated malicious person could exploit the vulnerability to execute deserialization code on the system without authentication using Java. Solarwinds developers have released a hotfix to fix the vulnerability. See attached references...

Vulnerabilities fixed in Solarwinds Web Helpdesk

Solarwinds fixed vulnerabilities in Web Helpdesk A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...

Vulnerability fixed in Check Point VPN products

Check Point has fixed a vulnerability in Quantum Gateway VPN systems. Check Point reports observing active abuse attempts. A path-traversal bug allows a malicious party to gain access to the username and password credentials of local accounts on the VPN system. If these local accounts, are...

KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS

-------------------------------------------------------------------- Title: Microsoft Distributed Transaction Coordinator DoS BUG-ID: 2002015 Released: 19th Apr 2002 -------------------------------------------------------------------- Problem: ======== A flaw in the way MSDTC handles malformed...