Posts

WinRAR and CVE-2025-8088

CVE-2025-8088 is a high‑severity, widely exploited vulnerability in WinRAR (Windows) that allows attackers to execute arbitrary code via specially crafted archive files. Here’s a clear, concise breakdown:

Overview
- Type: Path traversal vulnerability (CWE‑35)
- Affected software: WinRAR (Windows) up to version 7.12
- Fixed in: WinRAR 7.13 (released July 30, 2025)
- Severity: High (CVSS ~8.8)
- Status: Actively exploited in the wild (including as a zero‑day)

What the vulnerability is
The flaw is caused by improper validation of file paths inside RAR archives:
- Attackers can embed malicious paths (e.g., ../) in archive contents.
- When extracted, WinRAR may write files outside the intended directory.
- This enables attackers to place files in sensitive locations like:
  - Windows Startup folder
  - System directories
Result: Arbitrary code execution on the victim’s machine.

How exploitation works
Typical attack chain:
- Attacker crafts a malicious RAR archive
- Victim receives it (usually via phishing ...

Fortinet FortiClient Enterprise Management Server (EMS) CVE-2026-35616

Fortinet Enterprise Management Server CVE-2026-35616 is a critical security vulnerability affecting

Key Facts
- Severity: Critical (CVSS ~9.1–9.8)
- Type: Improper access control (CWE-284)
- Affected versions: FortiClient EMS 7.4.5 and 7.4.6
- Exploitation: Actively exploited in the wild (including zero‑day activity)
- Attack vector: Remote, no authentication required

What the Vulnerability Does
This flaw allows an attacker to:
- Bypass API authentication
- Send crafted requests directly to the EMS server
- Execute arbitrary commands or code remotely
In short: unauthenticated remote code execution (RCE).

Because EMS centrally manages endpoints, exploitation can give attackers:
- Administrator-level control of EMS
- Ability to push malicious scripts to all managed endpoints

Real-World Exploitation
Attackers have already used CVE-2026-35616 to:
- Deliver credential-stealing malware (EKZ infostealer)
- Push malicious PowerShell scripts via legitimate EMS management channels
- Harvest...