Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

🔔 Premium Features
🔍 Filter Threats
Title
SeverityPoCActively ExploitedSourceDate
CVE-2025-51678
An issue was discovered in RISC-V PicoRV32 commit 87c89a. A mismatch in the PCPI INSN and memory address can lead to unexpected behavior.
UNKNOWN??????????NVD6 hours ago
CVE-2025-51677
An issue was discovered in openRISC OR1200 commit 83ac6b. An output mismatch between the RTL and the netlist of the or1200 cpu output port can lead to...
UNKNOWN??????????NVD6 hours ago
CVE-2026-16074
A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function update_plugin/update_all_plugins of the file astrbot/dashb...
MEDIUM??????????NVD6 hours ago
CVE-2026-54567
## 1. Header | Field | Value | |---|---| | **Title** | Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix var...
HIGH??????????NVD6 hours ago
CVE-2026-15415
AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics...
MEDIUM??????????NVD6 hours ago
CVE-2026-54561
### Impact `context_import` passed the caller-supplied `filePath` directly to `fs.readFileSync` with no path confinement. A malicious MCP client — ...
MEDIUM??????????NVD7 hours ago
CVE-2026-9171
IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulner...
HIGH??????????NVD7 hours ago
CVE-2026-9135
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnera...
CRITICAL??????????NVD7 hours ago
CVE-2026-9103
IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/au...
CRITICAL??????????NVD7 hours ago
CVE-2026-58195
Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/ser...
HIGH??????????NVD7 hours ago
CVE-2026-52746
JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear bac...
HIGH??????????NVD7 hours ago
CVE-2026-49835
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request ...
MEDIUM??????????NVD7 hours ago
CVE-2026-48045
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every tru...
MEDIUM??????????NVD7 hours ago
CVE-2026-47180
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per ...
MEDIUM??????????NVD7 hours ago
CVE-2026-47183
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogg...
MEDIUM??????????NVD7 hours ago
CVE-2026-47184
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into...
MEDIUM??????????NVD7 hours ago
CVE-2026-45703
Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, the WordExport export flow in bundles/WordExpo...
MEDIUM??????????NVD7 hours ago
CVE-2026-45162
Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, multiple Pimcore locations call PHP's uns...
HIGH??????????NVD7 hours ago
CVE-2026-12283
Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation ...
MEDIUM??????????NVD7 hours ago
CVE-2026-54546
### Summary `PUT /api/basemap` (the basemap import endpoint) fetches an attacker-supplied URL server-side with **no SSRF protection whatsoever**. Any...
MEDIUM??????????NVD7 hours ago