Active Exploitation

Vulnerabilities 2026-04-12
Marimo CVE-2026-39987: Pre-Auth RCE Exploited Within 10 Hours of Disclosure
A missing authentication check on Marimo's terminal WebSocket endpoint (CVE-2026-39987, CVSS 9.3) gave attackers a root shell with no credentials required — and they were actively exploiting it less than 10 hours after the advisory dropped.
CVE RCE python AI toolchain websocket credential theft active exploitation
Vulnerability 2026-04-12
Adobe Acrobat Reader Zero-Day CVE-2026-34621: Prototype Pollution RCE Exploited Since December
Adobe patches APSB26-43 after confirming CVE-2026-34621, a CVSS 9.6 prototype pollution flaw in Acrobat Reader actively exploited via malicious PDFs since at least December 2025.
adobe acrobat pdf rce zero-day prototype-pollution cve-2026-34621 active-exploitation

Marimo CVE-2026-39987: Pre-Auth RCE Exploited Within 10 Hours of Disclosure