Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems

19 April 2026  |  dark6  |  Vulnerability

SAP's April 2026 Patch Day addresses CVE-2026-27681, a near-perfect CVSS 9.9 SQL injection flaw in SAP Business Planning and Consolidation (BPC) and Business Warehouse (BW). A low-privileged user...

>> read more

Three Windows Defender Zero-Days Exploited in the Wild: BlueHammer Patched, RedSun and UnDefend Still Unpatched

19 April 2026  |  dark6  |  Vulnerability

A security researcher dropped three Windows Defender zero-day exploits in 13 days — BlueHammer (CVE-2026-33825), RedSun, and UnDefend. All three are now confirmed active in live attacks, with...

>> read more

CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV Catalog as Active Exploitation Surges

18 April 2026  |  dark6  |  Vulnerability

CISA has added CVE-2026-34197, a high-severity (CVSS 8.8) deserialization flaw in Apache ActiveMQ Classic, to its Known Exploited Vulnerabilities catalog after active exploitation was detected within 48 hours...

>> read more

Microsoft April 2026 Patch Tuesday: Actively Exploited SharePoint Zero-Day Among 167 Fixes

18 April 2026  |  dark6  |  Vulnerability

Microsoft's April 2026 Patch Tuesday patches 167 vulnerabilities including an actively exploited SharePoint Server zero-day (CVE-2026-32201) and a publicly disclosed Windows Defender race condition (CVE-2026-33825). Security teams should...

>> read more

CVE-2026-39987: Marimo RCE Zero-Day Exploited Within 10 Hours of Disclosure — 662 Attacks Recorded

17 April 2026  |  dark6  |  Vulnerability

A critical unauthenticated RCE vulnerability in the Marimo Python notebook framework (CVE-2026-39987) was actively exploited just 10 hours after public disclosure. Sysdig recorded 662 exploit events over four...

>> read more

Critical Fortinet FortiClient EMS Vulnerability CVE-2026-21643 Actively Exploited — CISA Demands Patch Today

16 April 2026  |  dark6  |  Vulnerability

CISA has added CVE-2026-21643, a critical pre-authentication SQL injection flaw in Fortinet FortiClient EMS (CVSS 9.1), to its Known Exploited Vulnerabilities catalog with a mandatory patching deadline of...

>> read more

Adobe Acrobat Zero-Day CVE-2026-34621: Four Months of Targeted Espionage via Prototype Pollution Exploit

15 April 2026  |  dark6  |  Vulnerability

Adobe patched a critical zero-day in Acrobat Reader (CVE-2026-34621) that was exploited for at least four months via a sophisticated prototype pollution technique. The attack chain enables full...

>> read more

Microsoft April 2026 Patch Tuesday: 163 CVEs Including Two Zero-Days and a Public “BlueHammer” Exploit

15 April 2026  |  dark6  |  Vulnerability

Microsoft's April 2026 Patch Tuesday addresses 163 CVEs, including an actively exploited SharePoint spoofing zero-day (CVE-2026-32201) and a publicly leaked Defender EoP exploit dubbed "BlueHammer" (CVE-2026-33825). A critical...

>> read more