Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

Vulnerability Report

Angular Alert: Protocol-Relative URLs Leak XSRF Tokens (CVE-2025-66035) Angular, CVE-2025-66035

Angular, CVE-2025-66035

Angular Alert: Protocol-Relative URLs Leak XSRF Tokens (CVE-2025-66035)

Do Son November 27, 2025

The Angular team has issued a high-severity security advisory regarding a logic flaw in the framework’s HTTP...

GitLab Patch: Fixes CI/CD Credential Theft & Unauthenticated DoS Attacks GitLab security updates, GitLab patch release, CVE-2026-6552, CVE-2026-10087, CVE-2026-7250 GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab security updates, GitLab patch release, CVE-2026-6552, CVE-2026-10087, CVE-2026-7250 GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Patch: Fixes CI/CD Credential Theft & Unauthenticated DoS Attacks

Do Son November 26, 2025

GitLab has released an important security update today affecting both its Community Edition (CE) and Enterprise Edition...

Critical Patch: NVIDIA DGX Spark Flaw (CVE-2025-33187, CVSS 9.3) Exposes AI Secrets to Takeover NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Critical Patch: NVIDIA DGX Spark Flaw (CVE-2025-33187, CVSS 9.3) Exposes AI Secrets to Takeover

Do Son November 26, 2025

NVIDIA has issued an urgent security update for its DGX Spark platform, a compact AI supercomputer designed...

URGENT PATCH REQUIRED: Zenitel TCIV-3+ Intercoms Hit by Multiple Critical Flaws (CVSS 9.8) Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

URGENT PATCH REQUIRED: Zenitel TCIV-3+ Intercoms Hit by Multiple Critical Flaws (CVSS 9.8)

Do Son November 26, 2025

Zenitel has issued an urgent security advisory, also reported by CISA, concerning a set of critical vulnerabilities...

Critical node-forge Flaw (CVE-2025-12816) Allows Signature Verification Bypass via ASN.1 Manipulation (21M Downloads/Week) node-forge Signature Bypass, ASN.1 Vulnerability

node-forge Signature Bypass, ASN.1 Vulnerability

Critical node-forge Flaw (CVE-2025-12816) Allows Signature Verification Bypass via ASN.1 Manipulation (21M Downloads/Week)

Do Son November 26, 2025

CERT/CC has issued a warning about a high-impact cryptographic vulnerability in the Forge JavaScript library — also...

8 Flaws: ASUS Routers Urgently Need Patch for Authentication Bypass (CVE-2025-59366, CVSS 9.4)

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

8 Flaws: ASUS Routers Urgently Need Patch for Authentication Bypass (CVE-2025-59366, CVSS 9.4)

Do Son November 26, 2025

ASUS has released an urgent security update to address a sweeping list of eight potential vulnerabilities in...

ASUS LPE Flaw (CVE-2025-59373): High-Severity Bug Grants SYSTEM Privileges via MyASUS Component ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS LPE Flaw (CVE-2025-59373): High-Severity Bug Grants SYSTEM Privileges via MyASUS Component

Do Son November 26, 2025

ASUS has released critical security updates addressing a local privilege escalation (LPE) vulnerability in the ASUS System...

CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs Fluent Bit, Telemetry Agent

Fluent Bit, Telemetry Agent

CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs

Do Son November 25, 2025

Oligo Security researchers have uncovered a dangerous chain of vulnerabilities in Fluent Bit, the popular, lightweight telemetry...

Apache Syncope Flaw (CVE-2025-65998) Exposes Encrypted User Passwords Due to Hard-Coded AES Key

Apache Syncope Flaw (CVE-2025-65998) Exposes Encrypted User Passwords Due to Hard-Coded AES Key

Do Son November 25, 2025

Apache has issued an important security advisory warning that Apache Syncope, the widely used open-source identity management...

Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE Sneeit Framework RCE, Unauthenticated RCE

Sneeit Framework RCE, Unauthenticated RCE

Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE

Do Son November 25, 2025

A newly disclosed critical vulnerability in the Sneeit Framework — a widely used WordPress plugin powering premium...

High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default Vault LDAP Bypass, Terraform Insecure Default Vault Community Edition - CVE-2024-9180

Vault LDAP Bypass, Terraform Insecure Default Vault Community Edition - CVE-2024-9180

High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default

Do Son November 25, 2025

HashiCorp has released an important security advisory addressing a misconfiguration flaw in the Vault Terraform Provider that...

Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection

Do Son November 25, 2025

The Akamai Security Intelligence and Response Team (SIRT) has uncovered a previously undocumented — and still widely...

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover

Do Son November 25, 2025

A newly disclosed vulnerability in R.V.R Elettronica’s TEX broadcast hardware has been assigned CVE-2025-63207, scoring 9.8 Critical...

Code Injection Flaws Threaten NVIDIA’s Isaac-GROOT Robotics Platform NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Code Injection Flaws Threaten NVIDIA’s Isaac-GROOT Robotics Platform

Do Son November 24, 2025

NVIDIA has issued a security update to address two high-severity vulnerabilities in its NVIDIA Isaac-GROOT software. Isaac-GROOT...

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings

Do Son November 24, 2025

A newly disclosed high-severity vulnerability in vLLM—one of the fastest-growing open-source inference engines for large language models—allows...

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481) Tenda Unpatched RCE, Router Command Injection

Tenda Unpatched RCE, Router Command Injection

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481)

Do Son November 24, 2025

The CERT Coordination Center (CERT/CC) has issued a warning about multiple unpatched command injection vulnerabilities affecting Tenda’s...

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius

Do Son November 24, 2025

ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the...

Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter md-to-pdf RCE, Markdown Command Injection

md-to-pdf RCE, Markdown Command Injection

Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter

Do Son November 24, 2025

A critical vulnerability (CVE-2025-65108) has been disclosed in the widely used Markdown to PDF npm package, a...

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604) SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604)

Do Son November 22, 2025

SonicWall has released security updates addressing two vulnerabilities in its Email Security appliances, including one that could...

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor

Do Son November 21, 2025

The AhnLab Security Intelligence Center (ASEC) has uncovered an active exploitation campaign in which threat actors weaponized...