Common Vulnerabilities and Exposures (CVE)

CVE-2026-35616

Apr 4, 2026 03:55:38 UTC

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

CVE-2026-32186

Apr 4, 2026 03:55:37 UTC

Microsoft Bing Elevation of Privilege Vulnerability

CVE-2026-26135

Apr 4, 2026 03:55:36 UTC

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

CVE-2026-33107

Apr 4, 2026 03:55:35 UTC

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32213

Apr 4, 2026 03:55:33 UTC

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-34931

Apr 4, 2026 03:55:32 UTC

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account...

CVE-2026-34932

Apr 4, 2026 03:55:31 UTC

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.

CVE-2026-28703

Apr 4, 2026 03:55:30 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.

CVE-2026-3880

Apr 4, 2026 03:55:29 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.

CVE-2026-4108

Apr 4, 2026 03:55:28 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.

CVE-2026-4107

Apr 4, 2026 03:55:26 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.

CVE-2026-3879

Apr 4, 2026 03:55:25 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report.

CVE-2026-28756

Apr 4, 2026 03:55:24 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report.

CVE-2026-33105

Apr 4, 2026 03:55:23 UTC

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-28754

Apr 4, 2026 03:55:21 UTC

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.