Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

Vulnerability Report

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs

Do Son January 1, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding a critical safety vulnerability in...

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control

Do Son December 31, 2025

The Apache Software Foundation has released a critical fix for StreamPipes, its self-service Industrial IoT toolbox designed...

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

Do Son December 30, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has officially sounded the alarm on a critical vulnerability in...

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

Do Son December 30, 2025

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert regarding a catastrophic vulnerability in...

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login

Do Son December 30, 2025

IBM has issued an urgent security alert for users of its API Connect platform after internal testing...

The iOS 26.2 Trap: New WebKit Integer Overflow Discovered with PoC—Is Your iPhone at Risk? WebKit Integer Overflow, iOS 26.2 RCE CVE-2023-28206 PoC

WebKit Integer Overflow, iOS 26.2 RCE CVE-2023-28206 PoC

The iOS 26.2 Trap: New WebKit Integer Overflow Discovered with PoC—Is Your iPhone at Risk?

Do Son December 29, 2025

Security researcher Joseph Goydish has identified a critical vulnerability within Apple’s WebKit engine, exposing a flaw that...

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory MongoBleed, CVE-2025-14847

MongoBleed, CVE-2025-14847

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory

Do Son December 29, 2025

Database administrators are facing a critical security emergency after the disclosure of a high-severity vulnerability in MongoDB,...

“Headphone Jacking”: Critical Flaws in Popular Earbuds Let Hackers Hijack Your Phone

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

“Headphone Jacking”: Critical Flaws in Popular Earbuds Let Hackers Hijack Your Phone

Do Son December 29, 2025

Your Bluetooth headphones might be doing more than just playing your favorite tunes—they could be handing over...

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear Xspeeder Zero-Day CVE-2025-54322

Xspeeder Zero-Day CVE-2025-54322

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

Do Son December 29, 2025

A swarm of autonomous AI agents has successfully discovered a critical, unpatched vulnerability in networking gear used...

Critical Flaw in Livewire Exposes Laravel Apps to Stealthy RCE, PoC Releases CVE-2025-54068, Livewire RCE

CVE-2025-54068, Livewire RCE

Critical Flaw in Livewire Exposes Laravel Apps to Stealthy RCE, PoC Releases

Do Son December 26, 2025

Developers relying on Livewire, a cornerstone framework for building dynamic interfaces in Laravel, are facing a severe...

Hackers Revive 2020 FortiGate Flaw to Bypass 2FA Fortinet 2FA Bypass, Case-Sensitivity Exploit CVE-2023-25610 Fortinet SSO Bypass, FortiCloud SAML Flaw

Fortinet 2FA Bypass, Case-Sensitivity Exploit CVE-2023-25610 Fortinet SSO Bypass, FortiCloud SAML Flaw

Hackers Revive 2020 FortiGate Flaw to Bypass 2FA

Do Son December 25, 2025

Fortinet has issued a warning regarding the active exploitation of a three-year-old vulnerability that allows attackers to...

High-Severity Flaws in TeamViewer DEX Allow Attackers to Hijack Nomad Services CVE-2024-0819 TeamViewer DEX Vulnerabilities, CVE-2025-44016

CVE-2024-0819 TeamViewer DEX Vulnerabilities, CVE-2025-44016

High-Severity Flaws in TeamViewer DEX Allow Attackers to Hijack Nomad Services

Do Son December 25, 2025

TeamViewer has issued important security bulletins addressing multiple vulnerabilities across its Digital Employee Experience (DEX) product line...

ChatGPT Atlas Under Guard: OpenAI Fortifies Browser Agent Against “Prompt Injection” Attacks ChatGPT Atlas, Prompt Injection Safeguards

ChatGPT Atlas, Prompt Injection Safeguards

ChatGPT Atlas Under Guard: OpenAI Fortifies Browser Agent Against “Prompt Injection” Attacks

Do Son December 25, 2025

As artificial intelligence begins to browse the web on our behalf, the battleground for security is shifting...

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft LangChain Serialization Injection, CVE-2025-68664

LangChain Serialization Injection, CVE-2025-68664

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft

Do Son December 25, 2025

A critical vulnerability was found in LangChain, the popular open-source framework used to power Large Language Model...

Zimbra Under Siege: High-Severity LFI Vulnerability Exposes Internal Files to Unauthenticated Attackers

Zimbra Under Siege: High-Severity LFI Vulnerability Exposes Internal Files to Unauthenticated Attackers

Do Son December 25, 2025

Administrators of the popular Zimbra Collaboration Suite (ZCS) are being urged to patch immediately after the discovery...

Racing the Zombie: PoC Released for Linux Kernel POSIX Timer Vulnerability (CVE-2025-38352) French Digital Sovereignty Greg Kroah-Hartman AI code review CVE-2025-38352 Linux kernel exploit, Android 32-bit UAF vulnerability CVE-2022-36946 Linux Kernel 6.16, Hardware Support

French Digital Sovereignty Greg Kroah-Hartman AI code review CVE-2025-38352 Linux kernel exploit, Android 32-bit UAF vulnerability CVE-2022-36946 Linux Kernel 6.16, Hardware Support

Racing the Zombie: PoC Released for Linux Kernel POSIX Timer Vulnerability (CVE-2025-38352)

Do Son December 24, 2025

A vulnerability in the Linux kernel’s implementation of POSIX CPU timers has drawn attention following the release...

The Hard-Coded Backdoor: Critical 9.8 Severity NVIDIA Flaws Grant Total Control of AI Systems NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

The Hard-Coded Backdoor: Critical 9.8 Severity NVIDIA Flaws Grant Total Control of AI Systems

Do Son December 24, 2025

NVIDIA has issued an urgent security update for its Isaac Launchable software, patching a trio of critical...

Critical Network Collapse: 9.8 Severity Net-SNMP Buffer Overflow Threatens Global Monitoring Systems Net-SNMP, CVE-2025-68615

Net-SNMP, CVE-2025-68615

Critical Network Collapse: 9.8 Severity Net-SNMP Buffer Overflow Threatens Global Monitoring Systems

Do Son December 24, 2025

A critical security vulnerability has been found in Net-SNMP, the ubiquitous software suite used globally for network...

Operation PCPcat: 60,000 Next.js Servers Hijacked in Just 48 Hours Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Operation PCPcat: 60,000 Next.js Servers Hijacked in Just 48 Hours

Do Son December 24, 2025

A highly automated and ruthlessly efficient cyber-espionage campaign is tearing through the cloud infrastructure of modern web...

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression

Do Son December 23, 2025

A critical vulnerability was disclosed in MongoDB, one of the world’s most popular NoSQL database platforms. The...