Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

🔔 Premium Features
🔍 Filter Threats
Title
SeverityPoCActively ExploitedSourceDate
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA1 day ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
CVE-2026-54246
## Description The `routesrv` component exposes the full cluster route topology (Ingress/RouteGroup configurations, backend URLs, filter chains, OAut...
MEDIUM??????????NVD1 hour ago
CVE-2026-55177
# Authenticated full-read SSRF in CloudTAK `/api/esri*` routes — user-controlled URL fetched with no IP-classification guard ## Summary Every rout...
HIGH??????????NVD1 hour ago
CVE-2026-54559
### Impact The trie language model code introduced in PocketSphinx 5prealpha failed to check various boundary conditions when reading the headers of ...
MEDIUM??????????NVD1 hour ago
CVE-2026-54570
### Summary The HTML specification requires that a MathML `<annotation-xml>` element with `encoding="text/html"` or `encoding="ap...
MEDIUM??????????NVD1 hour ago
CVE-2026-54498
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewCompone...
HIGH??????????NVD1 hour ago
CVE-2026-55518
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks att...
CRITICAL??????????NVD1 hour ago
CVE-2026-54497
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewCompone...
MEDIUM??????????NVD1 hour ago
CVE-2026-54163
secure_headers manages application of security headers with many safe defaults. Prior to 7.3.0, secure_headers builds the Content-Security-Policy valu...
MEDIUM??????????NVD1 hour ago
CVE-2026-54244
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and ...
LOW??????????NVD1 hour ago
CVE-2026-54242
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src...
MEDIUM??????????NVD1 hour ago
CVE-2026-54243
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvE...
MEDIUM??????????NVD1 hour ago
CVE-2026-52584
Buffer Overflow vulnerability in libjxl v.0.11.2 and before allows a local attacker to obtain sensitive information via the DecodeImageAPNG function
UNKNOWN??????????NVD1 hour ago
CVE-2026-52348
cool-admin-java 8.0.0 has a SQL injection vulnerability in the order() method of CrudOption.java.
UNKNOWN??????????NVD1 hour ago
CVE-2026-52203
An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter.
UNKNOWN??????????NVD1 hour ago
CVE-2026-50274
Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog...
HIGH??????????NVD1 hour ago
CVE-2026-50271
Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming ...
HIGH??????????NVD1 hour ago
CVE-2026-50272
dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/sr...
HIGH??????????NVD1 hour ago
CVE-2026-54159
PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected se...
CRITICAL??????????NVD1 hour ago
CVE-2026-44891
Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.co...
HIGH??????????NVD1 hour ago
CVE-2026-49977
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.33.0, tarteaucitron.cookie.purge() is called on any element with the purgeBtn...
MEDIUM??????????NVD1 hour ago