Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

🔔 Premium Features
🔍 Filter Threats
Title
SeverityPoCActively ExploitedSourceDate
CVE-2026-7771
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries c...
MEDIUM??????????NVD4 hours ago
CVE-2026-7755
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration ...
HIGH??????????NVD4 hours ago
CVE-2026-8481
IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/va...
CRITICAL??????????NVD4 hours ago
CVE-2026-7667
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns ...
HIGH??????????NVD4 hours ago
CVE-2026-7754
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery (SSRF) due to insecure default configuration and incomple...
HIGH??????????NVD4 hours ago
CVE-2026-7364
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 thro...
LOW??????????NVD4 hours ago
CVE-2026-63030
WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__no...
HIGH??????????NVD4 hours ago
CVE-2026-60137
WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which co...
CRITICAL??????????NVD4 hours ago
CVE-2026-55254
NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper...
MEDIUM??????????NVD4 hours ago
CVE-2026-54171
Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to 1.5.0, Excon's RedirectFollower middleware failed to strip additional sensitive headers...
MEDIUM??????????NVD4 hours ago
CVE-2026-52199
An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the sbin/adbd component
UNKNOWN??????????NVD4 hours ago
CVE-2026-51833
Xenforo 2.3.8 is vulnerable to SSRF. Attackers that have administrator privileges or are able to add/save RSS feeds can enumerate internal services (p...
UNKNOWN??????????NVD4 hours ago
CVE-2026-4942
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security (TLS) pro...
MEDIUM??????????NVD4 hours ago
CVE-2026-4938
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 thro...
MEDIUM??????????NVD4 hours ago
CVE-2026-50151
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a ...
HIGH??????????NVD4 hours ago
CVE-2026-50163
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relati...
HIGH??????????NVD4 hours ago
CVE-2026-48373
Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current u...
HIGH??????????NVD4 hours ago
CVE-2026-49834
sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLog(N>1) or WithSigne...
MEDIUM??????????NVD4 hours ago
CVE-2026-49284
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path ...
HIGH??????????NVD4 hours ago
CVE-2026-48819
Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime templa...
MEDIUM??????????NVD4 hours ago