Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild
Stay informed on the latest CVE entries. Explore critical vulnerabilities and exposures to safeguard your systems from cyber threats and attacks.
Search across headline titles and summaries.
Background for this topic.
CVE is a global system of standardized identifiers for publicly known cybersecurity vulnerabilities. Each record, typically written as CVE-YYYY-NNNN, gives a vulnerability a stable reference and usually includes a description, affected products or versions, and links to advisories or fixes. The CVE Program coordinates the assignment and publication of records through authorized organizations, allowing researchers, vendors, security tools, and defenders to discuss the same flaw without relying on different names.
Practitioners use CVE identifiers to match vulnerabilities across asset inventories, scanners, patch advisories, and threat-intelligence reports. A CVE is an identity, not a severity score or proof that a system is exploitable: prioritization should also consider the affected configuration, exposure, available mitigations, exploit activity, and business impact. Delays in identifying vulnerable versions can leave internet-facing services or embedded components exposed, while incomplete product-to-CVE mapping can cause missed remediation. Security teams should verify the affected versions and vendor guidance before patching or applying workarounds.
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]