Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

🔔 Premium Features
🔍 Filter Threats
Title
SeverityPoCActively ExploitedSourceDate
CVE-2026-52348
cool-admin-java 8.0.0 has a SQL injection vulnerability in the order() method of CrudOption.java.
UNKNOWN??????????NVD3 hours ago
CVE-2026-52203
An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter.
UNKNOWN??????????NVD3 hours ago
CVE-2026-50274
Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog...
HIGH??????????NVD3 hours ago
CVE-2026-50271
Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming ...
HIGH??????????NVD3 hours ago
CVE-2026-50272
dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/sr...
HIGH??????????NVD3 hours ago
CVE-2026-54159
PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected se...
CRITICAL??????????NVD3 hours ago
CVE-2026-44891
Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.co...
HIGH??????????NVD3 hours ago
CVE-2026-49977
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.33.0, tarteaucitron.cookie.purge() is called on any element with the purgeBtn...
MEDIUM??????????NVD3 hours ago
CVE-2026-48062
CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checke...
CRITICAL??????????NVD3 hours ago
CVE-2026-45785
OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. In 3.1.3 and earlier, th...
MEDIUM??????????NVD3 hours ago
CVE-2026-13446
IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound aut...
CRITICAL??????????NVD3 hours ago
CVE-2026-13445
IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's u...
HIGH??????????NVD3 hours ago
CVE-2026-53496
## Summary ExifReader 4.40.0 can throw an uncaught `RangeError: Offset is outside the bounds of the DataView` while parsing crafted HEIC/AVIF files. ...
MEDIUM??????????NVD4 hours ago
CVE-2026-8861
IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser....
MEDIUM??????????NVD4 hours ago
CVE-2026-8859
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validati...
CRITICAL??????????NVD4 hours ago
CVE-2026-8635
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute ar...
CRITICAL??????????NVD4 hours ago
CVE-2026-8505
IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the ...
CRITICAL??????????NVD4 hours ago
CVE-2026-8476
IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache c...
CRITICAL??????????NVD4 hours ago
CVE-2026-8056
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exi...
HIGH??????????NVD4 hours ago
CVE-2026-7872
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication ...
HIGH??????????NVD4 hours ago