Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button

LATEST NEWS

decompress npm vulnerability CVE-2026-53486 path traversal in Node.js archive extraction
  • Vulnerability Report

decompress npm Vulnerability CVE-2026-53486 (CVSS 9.1) Threatens 2.8 Million Weekly Downloads

Do Son July 12, 2026 0
Apache IoTDB vulnerabilities path traversal and authentication bypass in DataNode RPC
  • Vulnerability Report

Apache IoTDB Fixes Path Traversal and Authentication Bypass Flaws (CVE-2026-24014)

Do Son July 11, 2026 0
Apache Camel vulnerabilities diagram showing header injection and server-side request forgery attack flow across Camel routes
  • Vulnerability Report

Apache Camel Vulnerabilities Expose Routes to Header Injection and SSRF

Do Son July 10, 2026 0
Gardyn IoT Hub advisory graphic showing CVE-2026-13768 remote code execution risk on smart garden devices
  • Vulnerability Report

Gardyn IoT Hub Flaw CVE-2026-13768 (CVSS 10) Enables Unauthenticated Remote Code Execution

Do Son July 10, 2026 0
FreeBSD privilege escalation advisory chart highlighting a kernel use-after-free and two local root flaws
  • Vulnerability Report

FreeBSD Patches Three Kernel Flaws That Enable Local Privilege Escalation

Do Son July 10, 2026 0

Tech News

Claude Reflect dashboard interface visualizing AI usage statistics and productivity metrics.
  • Technology

Claude Reflect Dashboard: Anthropic’s New AI Tool

Do Son July 10, 2026 0
Meta Muse Spark 1.1 artificial intelligence model for agent tasks and programming.
  • Technology

Meta Introduces Muse Spark 1.1 AI Model

Do Son July 10, 2026 0
Google Ads AI transparency tools displayed within the My Ad Center interface.
  • Technology

Google Ads AI Transparency Tools to Combat Fake Content

Do Son July 10, 2026 0
Claude Code credit reset notification dashboard illustrating the competitive AI model rivalry.
  • Technology

Claude Code Credit Reset Sparks AI Rivalry

Do Son July 10, 2026 0

Vulnerability

Linux kernel vulnerability CVE-2024-26582 TLS use-after-free root shell exploit diagram
  • Vulnerability

Linux Kernel Vulnerability CVE-2024-26582: Public PoC Reaches Root Shell

Do Son July 7, 2026 0
NTLM reflection CVE-2026-24294 SMB local privilege escalation Windows Server 2025 PoC exploit
  • Vulnerability

NTLM Reflection Bypass CVE-2026-24294 Gets Public PoC Exploit

Do Son June 29, 2026 0
Diagram of the MediaTek t7xx WWAN flaw triggering an out-of-bounds read in the Linux kernel
  • Vulnerability

Public Details Disclosed: MediaTek t7xx WWAN Flaw

Do Son June 24, 2026 0
FreeBSD privilege escalation CVE-2026-49413, Linuxulator vulnerability
  • Vulnerability

FreeBSD Privilege Escalation Flaw CVE-2026-49413 Hits the Linuxulator

Do Son June 15, 2026 0

Cyber Security

Florida Ransomware Negotiator Sentenced for Betraying Victims to BlackCat Florida ransomware negotiator sentenced for BlackCat ransomware extortion scheme
  • Cybercriminals

Florida Ransomware Negotiator Sentenced for Betraying Victims to BlackCat

July 10, 2026 0
North Korea-Linked PolinRider Supply Chain Attack Expands Across Open Source PolinRider supply chain attack diagram showing North Korean hackers hiding loaders in open-source packages
  • Cybercriminals

North Korea-Linked PolinRider Supply Chain Attack Expands Across Open Source

July 9, 2026 0
Rare Werewolf Phishing Campaign Targets Russian Aerospace With AnyDesk WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware
  • Cybercriminals

Rare Werewolf Phishing Campaign Targets Russian Aerospace With AnyDesk

July 9, 2026 0
Phantom Squatting Attacks Weaponize AI Hallucinated Domains, Unit 42 Warns Phantom squatting attacker registering AI hallucinated domains predicted by LLM chatbots
  • Cybercriminals

Phantom Squatting Attacks Weaponize AI Hallucinated Domains, Unit 42 Warns

July 8, 2026 0

Malware Alert

PamStealer macOS Malware Poses as Maccy to Steal Passwords PamStealer macOS malware delivering a Rust infostealer through a fake Maccy clipboard app
  • Malware

PamStealer macOS Malware Poses as Maccy to Steal Passwords

July 10, 2026 0
JADEPUFFER Marks the First AI-Driven Agentic Ransomware Attack JADEPUFFER agentic ransomware attack chain diagram from Langflow RCE to database extortion
  • Malware

JADEPUFFER Marks the First AI-Driven Agentic Ransomware Attack

July 10, 2026 0
Hidden LG Monitor Adware: Stop Unwanted Pop-ups Now LG monitor adware warning showing unwanted McAfee pop-ups and bloatware installation
  • Malware

Hidden LG Monitor Adware: Stop Unwanted Pop-ups Now

July 9, 2026 0
Native Messaging Backdoor Turns a Chrome Extension Into a Windows Threat Native Messaging backdoor malicious Chrome extension PowerShell Windows infection chain diagram
  • Malware

Native Messaging Backdoor Turns a Chrome Extension Into a Windows Threat

July 8, 2026 0

Data Leak

KDDI Data Breach: Millions of Emails and Passwords Stolen KDDI data breach illustration, KDDI email leak security concept
  • Data Leak

KDDI Data Breach: Millions of Emails and Passwords Stolen

July 9, 2026 0
iPhone 18 Pro Secrets Leaked in Tata Electronics Breach iPhone 18 Pro leak from the Tata Electronics data breach exposing Apple supplier lists, components, and drop-test photos RCS End-to-End Encryption
  • Data Leak

iPhone 18 Pro Secrets Leaked in Tata Electronics Breach

June 30, 2026 0
LastPass Customer Data Stolen in Klue Supply Chain Breach LastPass Klue breach OAuth token theft Salesforce supply chain attack
  • Data Leak

LastPass Customer Data Stolen in Klue Supply Chain Breach

June 23, 2026 0
Tata Electronics Data Breach Exposes Apple and Tesla Files Tata Electronics data breach leaking Apple and Tesla component design and specification files on a dark web site
  • Data Leak

Tata Electronics Data Breach Exposes Apple and Tesla Files

June 23, 2026 0
State of Exploited Vulnerabilities — Q2 2026 75 CVEs confirmed exploited in Q2 2026. Microsoft leads with 15, Ivanti tops EPSS at 99%. Full breakdown by vendor, CWE, and publication-to-exploit gap.
  • Report

State of Exploited Vulnerabilities — Q2 2026

Do Son July 11, 2026 0
Read More Read more about State of Exploited Vulnerabilities — Q2 2026
Apache IoTDB Fixes Path Traversal and Authentication Bypass Flaws (CVE-2026-24014) Apache IoTDB vulnerabilities path traversal and authentication bypass in DataNode RPC
  • Vulnerability Report

Apache IoTDB Fixes Path Traversal and Authentication Bypass Flaws (CVE-2026-24014)

Do Son July 11, 2026 0
Read More Read more about Apache IoTDB Fixes Path Traversal and Authentication Bypass Flaws (CVE-2026-24014)
Silver Fox Ghost Distributor Delivers MODBEACON Trojan to Chosen Targets Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm
  • Cyber Security

Silver Fox Ghost Distributor Delivers MODBEACON Trojan to Chosen Targets

Do Son July 11, 2026 0
Read More Read more about Silver Fox Ghost Distributor Delivers MODBEACON Trojan to Chosen Targets
Apache Camel Vulnerabilities Expose Routes to Header Injection and SSRF Apache Camel vulnerabilities diagram showing header injection and server-side request forgery attack flow across Camel routes
  • Vulnerability Report

Apache Camel Vulnerabilities Expose Routes to Header Injection and SSRF

Do Son July 10, 2026 0
Read More Read more about Apache Camel Vulnerabilities Expose Routes to Header Injection and SSRF
Gardyn IoT Hub Flaw CVE-2026-13768 (CVSS 10) Enables Unauthenticated Remote Code Execution Gardyn IoT Hub advisory graphic showing CVE-2026-13768 remote code execution risk on smart garden devices
  • Vulnerability Report

Gardyn IoT Hub Flaw CVE-2026-13768 (CVSS 10) Enables Unauthenticated Remote Code Execution

Do Son July 10, 2026 0
Read More Read more about Gardyn IoT Hub Flaw CVE-2026-13768 (CVSS 10) Enables Unauthenticated Remote Code Execution
FreeBSD Patches Three Kernel Flaws That Enable Local Privilege Escalation FreeBSD privilege escalation advisory chart highlighting a kernel use-after-free and two local root flaws
  • Vulnerability Report

FreeBSD Patches Three Kernel Flaws That Enable Local Privilege Escalation

Do Son July 10, 2026 0
Read More Read more about FreeBSD Patches Three Kernel Flaws That Enable Local Privilege Escalation
Kafka Authentication Bypass in the OAUTHBEARER JWT Path Kafka authentication bypass through OAUTHBEARER JWT replay on Apache Kafka 4.0.x brokers
  • Vulnerability Report

Kafka Authentication Bypass in the OAUTHBEARER JWT Path

Do Son July 10, 2026 0
Read More Read more about Kafka Authentication Bypass in the OAUTHBEARER JWT Path
FastNetMon Launches Netomics, a Self-Hosted Routing Intelligence Platform Netomics_Self-hosted_Routing_Intelligence_for_Netw_1783602857g1YFYzWQZz
  • Press Release

FastNetMon Launches Netomics, a Self-Hosted Routing Intelligence Platform

cybernewswire July 10, 2026 0
Read More Read more about FastNetMon Launches Netomics, a Self-Hosted Routing Intelligence Platform
WSL Containers Now Runs on Windows 10 Too WSL Containers running on Windows 10 without Docker Desktop using wslc command in Windows Terminal
  • Windows

WSL Containers Now Runs on Windows 10 Too

Do Son July 10, 2026 0
Read More Read more about WSL Containers Now Runs on Windows 10 Too
CVE-2026-13753: HP Missing Authorization Vulnerability HP Deskjet missing authorization vulnerability CVE-2026-13753 exposing printer API security flaw
  • Vulnerability Report

CVE-2026-13753: HP Missing Authorization Vulnerability

Do Son July 10, 2026 0
Read More Read more about CVE-2026-13753: HP Missing Authorization Vulnerability
Public PoC Discloses CVE-2026-31694, a Linux Kernel FUSE Local Privilege Escalation Linux kernel FUSE local privilege escalation via CVE-2026-31694 page cache overflow
  • Vulnerability Report

Public PoC Discloses CVE-2026-31694, a Linux Kernel FUSE Local Privilege Escalation

Do Son July 10, 2026 0
Read More Read more about Public PoC Discloses CVE-2026-31694, a Linux Kernel FUSE Local Privilege Escalation
GNU Guix Vulnerabilities Expose guix substitute and guix pull GNU Guix vulnerabilities in guix substitute and guix pull enabling remote privilege escalation
  • Vulnerability Report

GNU Guix Vulnerabilities Expose guix substitute and guix pull

Do Son July 10, 2026 0
Read More Read more about GNU Guix Vulnerabilities Expose guix substitute and guix pull
Cloudflare Launches Drop for Temporary and Permanent Static Site Hosting Cloudflare Drop static website hosting interface with instant global deployment.
  • Technology

Cloudflare Launches Drop for Temporary and Permanent Static Site Hosting

Do Son July 10, 2026 0
Read More Read more about Cloudflare Launches Drop for Temporary and Permanent Static Site Hosting
Django SQL Injection Flaw CVE-2026-1207 Is Being Exploited in the Wild Django SQL injection CVE-2026-1207 exploited in the wild via PostGIS RasterField raster lookups
  • Vulnerability Report

Django SQL Injection Flaw CVE-2026-1207 Is Being Exploited in the Wild

Do Son July 10, 2026 0
Read More Read more about Django SQL Injection Flaw CVE-2026-1207 Is Being Exploited in the Wild
Roundcube 1.7.2 Patches Zero-Click Stored XSS CVE-2026-54433 Roundcube zero-click XSS warning showing CVE-2026-54433 stored XSS in plain-text email rendering
  • Vulnerability Report

Roundcube 1.7.2 Patches Zero-Click Stored XSS CVE-2026-54433

Do Son July 9, 2026 0
Read More Read more about Roundcube 1.7.2 Patches Zero-Click Stored XSS CVE-2026-54433
Apache Lucene.NET Vulnerability Trio Fixed in Beta 18 Apache Lucene.NET vulnerability advisory showing a Lucene.Net.Replicator path traversal risk
  • Vulnerability Report

Apache Lucene.NET Vulnerability Trio Fixed in Beta 18

Do Son July 9, 2026 0
Read More Read more about Apache Lucene.NET Vulnerability Trio Fixed in Beta 18
Feast Feature Server Flaw Lets Unauthenticated Attackers Write Files Feast Feature Server arbitrary file write vulnerability advisory graphic
  • Vulnerability Report

Feast Feature Server Flaw Lets Unauthenticated Attackers Write Files

Do Son July 9, 2026 0
Read More Read more about Feast Feature Server Flaw Lets Unauthenticated Attackers Write Files
OPNsense Root RCE Flaw CVE-2026-57155 (CVSS 9.9): Details and PoC Publicly Disclosed OPNsense root RCE advisory graphic showing an arbitrary file write chain to root on the firewall
  • Vulnerability Report

OPNsense Root RCE Flaw CVE-2026-57155 (CVSS 9.9): Details and PoC Publicly Disclosed

Do Son July 9, 2026 0
Read More Read more about OPNsense Root RCE Flaw CVE-2026-57155 (CVSS 9.9): Details and PoC Publicly Disclosed
Linux Kernel Privilege Escalation Flaw CVE-2026-46215: PoC and Full Write-Up Public Linux kernel privilege escalation CVE-2026-46215 DRM GEM use-after-free root exploit diagram
  • Vulnerability Report

Linux Kernel Privilege Escalation Flaw CVE-2026-46215: PoC and Full Write-Up Public

Do Son July 9, 2026 0
Read More Read more about Linux Kernel Privilege Escalation Flaw CVE-2026-46215: PoC and Full Write-Up Public
MOVEit Transfer Fixes Stored XSS and Two Other Vulnerabilities MOVEit Transfer stored XSS vulnerability CVE-2026-11903 patched in version 2026.0.1
  • Vulnerability Report

MOVEit Transfer Fixes Stored XSS and Two Other Vulnerabilities

Do Son July 9, 2026 0
Read More Read more about MOVEit Transfer Fixes Stored XSS and Two Other Vulnerabilities
Microsoft Patches RoguePlanet Defender Zero-Day That Grants SYSTEM Access Microsoft Defender zero-day RoguePlanet CVE-2026-50656 patched via Malware Protection Engine update
  • Vulnerability Report

Microsoft Patches RoguePlanet Defender Zero-Day That Grants SYSTEM Access

Do Son July 9, 2026 0
Read More Read more about Microsoft Patches RoguePlanet Defender Zero-Day That Grants SYSTEM Access
Chrome MV2 Extensions Removed from Web Store Aug 31 Chrome Web Store removing all Manifest V2 extensions on August 31 2026 affecting uBlock Origin and others
  • Technology

Chrome MV2 Extensions Removed from Web Store Aug 31

Do Son July 9, 2026 0
Read More Read more about Chrome MV2 Extensions Removed from Web Store Aug 31
Next Page ❯

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-56271CVSS 9.8
    Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default...
  • CVE-2026-56260CVSS 9.1
    Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker...
  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.