Weekly Exploit Roundup
Generated 2026-04-14T08:00:15.448935+00:00 (UTC)
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Source: The Hacker News | Published: 2026-04-14T05:50:00+00:00 | Score: 30.035
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.
It relates to a case of unrestricted file upload that stems from improper validation of […]
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Source: The Hacker News | Published: 2026-04-12T04:25:00+00:00 | Score: 24.065
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations.
It has been described as […]
- Critical Marimo pre-auth RCE flaw now under active exploitation
Source: BleepingComputer | Published: 2026-04-12T14:20:31+00:00 | Score: 22.46
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. […]
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Source: The Hacker News | Published: 2026-04-10T07:37:00+00:00 | Score: 21.231
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig.
The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including […]
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Source: Alerts | Published: 2026-04-13T12:00:00+00:00 | Score: 20.705
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
  - CVE-2012-1854 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
  - CVE-2020-9715 Adobe Acrobat Use-After-Free Vulnerability
  - CVE-2023-21529 Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
  - CVE-2023-36424 Microsoft Windows Out-of-Bounds Read Vulnerability
  - CVE-2025-60710 Microsoft Windows Link Following Vulnerability
  - CVE-2026-21643 Fortinet SQL Injection Vulnerability
  - CVE-2026-34621 Adobe Acrobat and Reader Prototype Pollution Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant […]
- Metasploit Wrap-Up 04/10/2026
Source: Rapid7 Cybersecurity Blog | Published: 2026-04-10T19:11:43+00:00 | Score: 19.476
Speedup Improvements of MSFVenom & New Modules
This week, we have added new modules to Metasploit Framework targeting Cisco Catalyst SD-WAN controllers and osTicket, as well as updates and improvements to Windows service-for-user persistence and to LDAP/ADCS-related modules, which now automatically report related services, resulting in an improved data stream that can be queried with the services command. We also landed an improvement to msfvenom’s bootup time, thanks to bcoles, resulting in an approximate two-times speedup.
New module content (4)
AD/CS Authenticated Web Enrollment Services
Module Authors: Spencer McIntyre, bwatters-r7, and jhicks-r7
Type: Auxiliary
Pull request: #20752 contributed by bwatters-r7
Path: admin/http/web_enrollment_cert
Description: This adds a new auxiliary/admin/http/web_enrollment_cert module that allows certificates to be issued from an Active Directory Certificate Services Web Enrollment portal. Its usage is the same as the auxiliary/admin/http/icpr_cert […]
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Source: BleepingComputer | Published: 2026-04-13T15:37:05+00:00 | Score: 18.212
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. […]
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Source: The Hacker News | Published: 2026-04-14T05:39:00+00:00 | Score: 18.03
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows:
  - CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to […]
- Adobe Patches Reader Zero-Day Exploited for Months
Source: SecurityWeek | Published: 2026-04-12T07:45:26+00:00 | Score: 17.564
The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution. The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.
- FortiGate CVE-2025-59718 Exploitation: Incident Response Findings
Source: Rapid7 Cybersecurity Blog | Published: 2026-04-08T13:39:52+00:00 | Score: 15.883
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving exploitation of CVE-2025-59718 against a vulnerable FortiGate appliance. In December 2025, Fortinet disclosed this improper verification of cryptographic signature vulnerability that facilitates an SSO login bypass on affected appliances. After the initial exploitation, the attackers maintained a low-profile posture, systematically compromising additional firewalls before moving to internal network hosts. Ultimately, this grace period allowed responders to contain the threat before further impact could occur within the environment. This blog details exploitation insights, attack progression, and practical detection opportunities for defenders handling their own environments.
Investigative methodology: Tracing the initial access vector in FortiGate appliances
Identifying the Initial Access Vector (IAV) is a cornerstone of any incident response engagement. However, when the source of compromise is not i […]
End of report.
