[Security Vulnerability Alert] CISA adds 9 known vulnerabilities exploited by hackers to the KEV directory (2026/04/06-2026/04/12)

 
2026/4/17 ~ 2026/10/17
View Count:32

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202604-00000013

[Content Description]
【CVE-2026-35616】Fortinet FortiClient EMS Improper Access Control Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】A vulnerability exists in Fortinet FortiClient EMS that allows unauthorized attackers to execute unauthorized code or instructions through specially crafted requests.

【CVE-2026-1340】Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】A code injection vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM) that could allow attackers to achieve remote code execution without authentication.

【CVE-2012-1854】Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】A vulnerability exists in Microsoft Visual Basic for Applications (VBA) that allows insecure library loading, potentially enabling remote code execution.

【CVE-2025-60710】Microsoft Windows Link Following Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】A link following vulnerability exists in Microsoft Windows, potentially leading to privilege escalation.

【CVE-2023-21529】Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】A vulnerability exists in Microsoft Exchange Server that allows untrusted data deserialization, potentially enabling a verified attacker to execute remote code.

【CVE-2023-36424】Microsoft Windows Out-of-Bounds Read Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】A vulnerability exists in the Microsoft Windows Universal Log File System driver that allows out-of-bounds read access, potentially enabling privilege escalation by threat actors.

【CVE-2020-9715】Adobe Acrobat Use-After-Free Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】A vulnerability exists in Adobe Acrobat that allows use-after-free memory to be executed.

【CVE-2026-21643】Fortinet SQL Injection Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 A SQL injection vulnerability exists in Fortinet FortiClient EMS, which could allow an unauthenticated attacker to execute unauthorized code or instructions through specially crafted HTTP requests.

【CVE-2026-34621】Adobe Acrobat and Reader Prototype Pollution Vulnerability (CVSS v3.1: 8.6)
【Exploited by Ransomware: Unknown】 A prototype pollution vulnerability exists in Adobe Acrobat and Reader, which could allow arbitrary code execution.

[Affected Platforms]
【CVE-2026-35616】Please refer to the official list of affected versions: https://fortiguard.fortinet.com/psirt/FG-IR-26-099

【CVE-2026-1340】Please refer to the official list of affected versions: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340

【CVE-2012-1854】Please refer to the official list of affected versions: https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046

【CVE-2025-60710】Please refer to the official affected versions listed here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710

【CVE-2023-21529】Please refer to the official affected versions listed here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529

【CVE-2023-36424】Please refer to the official affected versions listed here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424

【CVE-2020-9715】Please refer to the official affected versions listed here: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

【CVE-2026-21643】Please refer to the official affected versions listed here. https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

【CVE-2026-34621】Please refer to the affected versions listed in the official documentation: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

[Recommended Actions]
【CVE-2026-35616】An official patch update has been released for this vulnerability. Please update to the relevant version: https://fortiguard.fortinet.com/psirt/FG-IR-26-099

【CVE-2026-1340】An official patch update has been released for this vulnerability. Please update to the relevant version: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340

【CVE-2012-1854】An official patch update has been released for this vulnerability. Please update to the relevant version: https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046

【CVE-2025-60710】An official patch update has been released for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710

【CVE-2023-21529】An official patch update has been released for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529

【CVE-2023-36424】An official patch update has been released for this vulnerability. Please update to the relevant version. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424

【CVE-2020-9715】An official patch update has been released for this vulnerability. Please update to the relevant version. https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

【CVE-2026-21643】An official patch update has been released for this vulnerability. Please update to the relevant version. https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

【CVE-2026-34621】An official patch update has been released for this vulnerability. Please update to the relevant version. https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

Files
None
【Back】
Top↑