Critical Alert 1 Active Exploit Detected Today

CVE-2026-10520 — Ivanti Sentry OS Command Injection Vulnerability →

Powered by CVE Watchtower

×

Vulnerability Report

Synology DSM Update Fixes High-Severity File Manipulation Flaws Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Synology DSM Update Fixes High-Severity File Manipulation Flaws

Do Son April 16, 2026

Synology has released an important security update for its DiskStation Manager (DSM) operating system to address a...

Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources

Do Son April 16, 2026

In the world of cloud-native security, OAuth2 Proxy serves as a vital gatekeeper, providing a flexible and...

CVE-2026-38526: Critical CVSS 10 Vulnerability Discovered in Krayin CRM Krayin CRM RCE CVE-2026-38526

Krayin CRM RCE CVE-2026-38526

CVE-2026-38526: Critical CVSS 10 Vulnerability Discovered in Krayin CRM

Do Son April 16, 2026

A maximum-severity security flaw has been unearthed in Krayin CRM, a popular open-source framework built on Laravel...

CVE-2026-40884: Critical 9.8 Bypass Hits goshs SFTP Servers goshs Authentication Bypass CVE-2026-40884

goshs Authentication Bypass CVE-2026-40884

CVE-2026-40884: Critical 9.8 Bypass Hits goshs SFTP Servers

Do Son April 16, 2026

In the fast-paced environment of penetration testing and CTF challenges, tools that prioritize speed and ease of...

Sustainable Security: NIST Abandons “Analyze Everything” Goal for NVD NIST NVD Overhaul Risk-Based Triage

NIST NVD Overhaul Risk-Based Triage

Sustainable Security: NIST Abandons “Analyze Everything” Goal for NVD

Do Son April 16, 2026

In a major strategic shift, the National Institute of Standards and Technology (NIST) has announced a fundamental...

Cisco Patches Critical CVSS 9.9 RCE Flaws in Identity Services Engine Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco Patches Critical CVSS 9.9 RCE Flaws in Identity Services Engine

Do Son April 16, 2026

Cisco has issued a critical security advisory regarding its Identity Services Engine (ISE), warning of a pair...

RedSun: New Windows Defender Zero-Day Turns Protector into Attacker, PoC Publishes RedSun Zero-Day Windows Defender EoP

RedSun Zero-Day Windows Defender EoP

RedSun: New Windows Defender Zero-Day Turns Protector into Attacker, PoC Publishes

Do Son April 16, 2026

Just as the cybersecurity community began digesting the latest round of patches for the high-profile “BlueHammer” vulnerability,...

Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User Cisco Webex SSO Webex Impersonation Flaw

Cisco Webex SSO Webex Impersonation Flaw

Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User

Do Son April 16, 2026

In the modern enterprise, the Single Sign-On (SSO) portal is the master key to a company’s digital...

Splunk Issues Urgent Fixes for RCE and Clear-Text Token Leaks

Splunk Enterprise vulnerabilities, CVSS 9.8 flaw, CVE-2026-20253, CVE-2026-20251, CVE-2026-20258 Splunk Enterprise Vulnerabilities CVE-2026-20240 Splunk RCE CVE-2026-20204 Splunk RCE Vulnerability CVE-2026-20163 Splunk Enterprise Vulnerabilities CVE-2026-20140 Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

Splunk Issues Urgent Fixes for RCE and Clear-Text Token Leaks

Do Son April 16, 2026

Splunk has released a series of security advisories detailing two significant vulnerabilities impacting Splunk Enterprise, Splunk Cloud...

Chrome 147 Update: Google Patches Critical $90,000 ANGLE Flaw and 30 Other Security Gaps Chrome Security Update $90K Bug Bounty

Chrome Security Update $90K Bug Bounty

Chrome 147 Update: Google Patches Critical $90,000 ANGLE Flaw and 30 Other Security Gaps

Do Son April 16, 2026

Google has begun rolling out a high-stakes update for the Chrome stable channel, addressing a total of...

Root Access via Admin: The 9.9 RCE Crisis Threatening Cisco ISE Networks Cisco ISE RCE Identity Services Engine Vulnerability

Cisco ISE RCE Identity Services Engine Vulnerability

Root Access via Admin: The 9.9 RCE Crisis Threatening Cisco ISE Networks

Do Son April 16, 2026

Cisco has issued an urgent security advisory following the discovery of high-stakes vulnerabilities in its Identity Services...

IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform OpenRemote RCE IoT Security

OpenRemote RCE IoT Security

IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform

Do Son April 15, 2026

Security researchers have sounded a major alarm for the internet-of-things (IoT) sector as OpenRemote, a popular 100%...

Critical 9.1 SQL Injection Threatens Vendure Core Stores Vendure SQL Injection Shop API Vulnerability

Vendure SQL Injection Shop API Vulnerability

Critical 9.1 SQL Injection Threatens Vendure Core Stores

Do Son April 15, 2026

Vendure Core, the open-source engine powering the enterprise commerce platform Vendure, has recently addressed a high-severity security...

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground

Do Son April 15, 2026

AVideo, a versatile video streaming platform popular among content creators and businesses for hosting and monetizing content,...

High-Severity Authentication Bypass Discovered in MinIO Storage MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

High-Severity Authentication Bypass Discovered in MinIO Storage

Do Son April 15, 2026

A significant security vulnerability has been identified in MinIO, the high-performance, S3-compatible object storage solution widely used...

Adobe Rushes Patches for Critical ColdFusion RCE and Security Bypasses ColdFusion RCE Adobe Security Patch

ColdFusion RCE Adobe Security Patch

Adobe Rushes Patches for Critical ColdFusion RCE and Security Bypasses

Do Son April 15, 2026

Adobe has released an urgent set of security updates to address multiple vulnerabilities within its ColdFusion 2025...

Critical 9.1 Flaws Hit Fortinet FortiSandbox FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

Critical 9.1 Flaws Hit Fortinet FortiSandbox

Do Son April 15, 2026

Fortinet has issued an urgent advisory regarding two critical vulnerabilities in its FortiSandbox platform—vulnerabilities that could allow...

Active SharePoint Spoofing and Legacy Office RCE: CISA Alerts on New KEV Exploits CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

Active SharePoint Spoofing and Legacy Office RCE: CISA Alerts on New KEV Exploits

Do Son April 15, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, sounding a...

25 Million Users at Risk: Fastify Publicly Discloses PoC Exploit for Single-Space Security Bypass Fastify CVE-2026-33806 Public PoC Exploit

Fastify CVE-2026-33806 Public PoC Exploit

25 Million Users at Risk: Fastify Publicly Discloses PoC Exploit for Single-Space Security Bypass

Do Son April 15, 2026

In the world of web performance, Fastify is a heavyweight, boasting over 25 million monthly downloads and...

OpenStack Keystone Flaw Grants Access to Disabled LDAP Users CVE-2024-44082 - OpenStack Ironic OpenStack Keystone LDAP Identity Service Vulnerability

CVE-2024-44082 - OpenStack Ironic OpenStack Keystone LDAP Identity Service Vulnerability

OpenStack Keystone Flaw Grants Access to Disabled LDAP Users

Do Son April 15, 2026

In the complex machinery of cloud identity management, a single misinterpretation of data can lead to a...