Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

🔔 Premium Features
🔍 Filter Threats
Title
SeverityPoCActively ExploitedSourceDate
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA1 day ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
???-????-????
??????????????????????????????????
??????????????????????????????????
HIGH??????????SA3 days ago
CVE-2026-57980
Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over ...
MEDIUM??????????NVD4 hours ago
CVE-2026-56740
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit ...
HIGH??????????NVD4 hours ago
CVE-2026-56741
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply ...
HIGH??????????NVD4 hours ago
CVE-2026-56171
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a networ...
HIGH??????????NVD4 hours ago
CVE-2026-54335
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In 5.0.44 and earlier, the _.merge(target, s...
LOW??????????NVD4 hours ago
CVE-2026-49485
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementatio...
HIGH??????????NVD4 hours ago
CVE-2026-48049
@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured ...
MEDIUM??????????NVD4 hours ago
CVE-2026-48022
@hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck strips credential headers including Authorization, Cookie, and Proxy-Authorization befor...
MEDIUM??????????NVD4 hours ago
CVE-2026-54246
## Description The `routesrv` component exposes the full cluster route topology (Ingress/RouteGroup configurations, backend URLs, filter chains, OAut...
MEDIUM??????????NVD4 hours ago
CVE-2026-55177
# Authenticated full-read SSRF in CloudTAK `/api/esri*` routes — user-controlled URL fetched with no IP-classification guard ## Summary Every rout...
HIGH??????????NVD4 hours ago
CVE-2026-54559
### Impact The trie language model code introduced in PocketSphinx 5prealpha failed to check various boundary conditions when reading the headers of ...
MEDIUM??????????NVD5 hours ago
CVE-2026-54570
### Summary The HTML specification requires that a MathML `<annotation-xml>` element with `encoding="text/html"` or `encoding="ap...
MEDIUM??????????NVD5 hours ago
CVE-2026-54498
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewCompone...
HIGH??????????NVD5 hours ago
CVE-2026-55518
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks att...
CRITICAL??????????NVD5 hours ago
CVE-2026-54497
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewCompone...
MEDIUM??????????NVD5 hours ago
CVE-2026-54163
secure_headers manages application of security headers with many safe defaults. Prior to 7.3.0, secure_headers builds the Content-Security-Policy valu...
MEDIUM??????????NVD5 hours ago
CVE-2026-54244
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and ...
LOW??????????NVD5 hours ago
CVE-2026-54242
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src...
MEDIUM??????????NVD5 hours ago
CVE-2026-54243
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvE...
MEDIUM??????????NVD5 hours ago
CVE-2026-52584
Buffer Overflow vulnerability in libjxl v.0.11.2 and before allows a local attacker to obtain sensitive information via the DecodeImageAPNG function
UNKNOWN??????????NVD5 hours ago