CVE CyberSecurity Database News

Apr 10, 2026 RCE Exploit

CVE-2026-40175 - Major Axios Vulnerability Lets Attackers Turn Prototype Pollution Into Remote Code Execution (RCE) or Cloud Account Takeover

Axios is one of the world’s most popular HTTP clients for JavaScript. Used widely in browsers and Node.js projects, it’s trusted by

Apr 9, 2026 Exploit

CVE-2025-62718 - Axios Proxy Bypass and SSRF Vulnerability Explained

The world of web development relies on trustworthy libraries. One of the most popular HTTP clients for JavaScript, Axios, faced a serious issue that you

Apr 4, 2026 RCE API API Security

CVE-2026-35616 - Breaking Down the Fortinet FortiClientEMS Improper Access Control Vulnerability (7.4.5 - 7.4.6)

Fortinet is a trusted name in the world of cybersecurity. Its FortiClientEMS product is often the backbone of endpoint management for thousands of organizations worldwide.

Apr 2, 2026 Exploit

CVE-2026-35414 - Exploiting OpenSSH’s authorized_keys Principals Mishandling

CVE-2026-35414 is a newly disclosed vulnerability affecting OpenSSH versions prior to 10.3. This flaw opens the door to unexpected access due to the way

Apr 2, 2026

CVE-2026-35385 - OpenSSH SCP Protocol Setuid/Setgid File Installation Flaw (Exclusive Exploit Breakdown)

A quietly dangerous flaw exists in versions of OpenSSH before 10.3, where a file downloaded over SCP as root with -O (Old protocol) and