Posts

Fortinet FortiClient Enterprise Management Server (EMS) CVE-2026-35616

Fortinet Enterprise Management Server CVE-2026-35616 is a critical security vulnerability affecting FortiClient EMS 7.4.5 and 7.4.6.

Key Facts
- Severity: Critical (CVSS ~9.1–9.8)
- Type: Improper access control (CWE-284)
- Affected versions: FortiClient EMS 7.4.5 and 7.4.6
- Exploitation: Actively exploited in the wild (including zero-day activity)
- Attack vector: Remote, no authentication required

What the Vulnerability Does
This flaw allows an attacker to:
- Bypass API authentication
- Send crafted requests directly to the EMS server
- Execute arbitrary commands or code remotely

In short: unauthenticated remote code execution (RCE). Because EMS centrally manages endpoints, exploitation can give attackers:
- Administrator-level control of EMS
- The ability to push malicious scripts to all managed endpoints

Real-World Exploitation
Attackers have already used CVE-2026-35616 to:
- Deliver credential-stealing malware (EKZ infostealer)
- Push malicious PowerShell scripts via legitimate EMS management channels
- Harvest...

Gitea (all versions before 1.26.2) + Forgejo (confirmed) CVE-2026-27771

CVE-2026-27771 is a recently disclosed high-severity access control vulnerability affecting the Gitea self-hosted Git platform.

Overview
- Identifier: CVE-2026-27771
- Affected software: Gitea (all versions before 1.26.2) + Forgejo (confirmed)
- Vulnerability type: Authentication/authorization bypass
- Severity: ~CVSS 8.2 (High)
- Disclosed: May 2026

What the vulnerability does
The flaw allows unauthenticated remote attackers to:
👉 Pull private container images from affected Gitea instances
👉 Without any credentials, account, or token

This happens because Gitea's container registry:
- Fails to enforce authentication on "private" repositories
- Still serves image data to anonymous API requests

Technical root cause
- Access control logic in the container registry is flawed
- The system does not properly validate repository visibility (private/public)
- Anonymous ("ghost") users can still access protected endpoints

Attackers can simply:
- Use standard Docker / OCI pull req...
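A check an operator can run against their own instance, as an added example (not code from the post or from the Gitea project): it compares a reported Gitea version against the 1.26.2 fix named above and sends a single unauthenticated manifest request for an image you already know is private, which is exactly the standard OCI pull the excerpt describes. It assumes Gitea's registry serves the OCI distribution API under /v2/<owner>/<image>/manifests/<reference>; the hostname, owner and image names in the usage are placeholders.

```python
"""Check a Gitea (or Forgejo) instance for the anonymous private-image pull
described above. Added example; not code from the post or the Gitea project."""
import re
import urllib.error
import urllib.request

# Fixed version stated in the post: every Gitea release before 1.26.2 is affected.
GITEA_FIXED = (1, 26, 2)

# Accept header a Docker/OCI client sends for a manifest request.
OCI_MANIFEST_ACCEPT = (
    "application/vnd.oci.image.manifest.v1+json, "
    "application/vnd.docker.distribution.manifest.v2+json"
)


def parse_version(version: str):
    """Map 'v1.26.1' or '1.26.1+dev-12-gabcdef' to (major, minor, patch).
    Pre-release and build suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def gitea_is_affected(version: str) -> bool:
    """True when a Gitea version predates the 1.26.2 fix. Forgejo uses its own
    numbering, so this comparison is meaningful for Gitea only."""
    return parse_version(version) < GITEA_FIXED


def manifest_url(base_url: str, owner: str, image: str, reference: str = "latest") -> str:
    """The manifest URL a plain 'docker pull owner/image:reference' requests.
    Assumes the registry is mounted at /v2/ on the Gitea host."""
    return f"{base_url.rstrip('/')}/v2/{owner}/{image}/manifests/{reference}"


def anonymous_get(url: str) -> int:
    """GET with no credentials and return the HTTP status. Live network call."""
    req = urllib.request.Request(url, headers={"Accept": OCI_MANIFEST_ACCEPT})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def classify(status: int) -> str:
    """Interpret the registry's answer to an unauthenticated manifest request
    for an image known to be private."""
    if status == 200:
        return "EXPOSED"      # manifest served with no token: the flaw is present
    if status in (401, 403):
        return "PROTECTED"    # registry demanded a token or refused the anonymous user
    if status == 404:
        return "NOT_SERVED"   # hidden or absent; indistinguishable without credentials
    return "UNEXPECTED"


def probe(base_url, owner, image, reference="latest", fetch=anonymous_get):
    """Request the manifest of a known-private image and report the verdict.
    'fetch' is injectable so the logic can be exercised without a network."""
    url = manifest_url(base_url, owner, image, reference)
    status = fetch(url)
    return {"url": url, "status": status, "verdict": classify(status)}


if __name__ == "__main__":
    import sys
    # Placeholder arguments: python probe.py https://git.example.test acme backend
    base, owner, image = sys.argv[1:4]
    print(probe(base, owner, image))
```

Run it only against an instance you operate, naming an image you know is private: a 200 means the registry handed the manifest to an anonymous client and the instance needs the 1.26.2 upgrade (or the Forgejo equivalent); a 401 or 403 means authentication is being enforced on that path. A 404 is not proof of safety on its own, because a registry may hide private images and genuinely missing ones the same way.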