Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

Vulnerability Report

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign

Do Son November 19, 2025

Security researchers at Oligo Security have uncovered a massive, fast-evolving cyberattack campaign hijacking exposed Ray AI clusters...

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution

Do Son November 19, 2025

D-Link has issued a security advisory warning users of the DIR-878 router series that multiple newly disclosed...

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Do Son November 19, 2025

METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass

Do Son November 19, 2025

SolarWinds has released security updates addressing three critical vulnerabilities in Serv-U—its managed file transfer and FTP server...

Critical W3 Total Cache Flaw (CVE-2025-9501, CVSS 9.0) Risks Unauthenticated RCE on 1 Million WordPress Sites W3 Total Cache RCE, Unauthenticated Command Injection

W3 Total Cache RCE, Unauthenticated Command Injection

Critical W3 Total Cache Flaw (CVE-2025-9501, CVSS 9.0) Risks Unauthenticated RCE on 1 Million WordPress Sites

Do Son November 18, 2025

A newly disclosed high-severity security flaw in the widely used W3 Total Cache (W3TC) plugin is putting...

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update

Do Son November 17, 2025

Google has issued an urgent, out-of-band security update for the Chrome Stable channel, addressing two separate Type...

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files CVE-2023-5002 pgAdmin RCE, LDAP Injection

CVE-2023-5002 pgAdmin RCE, LDAP Injection

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

Do Son November 17, 2025

The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up...

High-Severity Memos Flaw (CVE-2024-21635) Allows Hackers to Stay Logged In After Password Change Memos Session Flaw, Token Invalidation

Memos Session Flaw, Token Invalidation

High-Severity Memos Flaw (CVE-2024-21635) Allows Hackers to Stay Logged In After Password Change

Do Son November 17, 2025

The team behind Memos, the privacy-first, self-hosted knowledge base platform, has issued a security advisory for CVE-2024-21635,...

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal IBM AIX RCE, NIM Private Key Leak

IBM AIX RCE, NIM Private Key Leak

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

Do Son November 17, 2025

IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and...

CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive

Do Son November 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory detailing multiple high-severity vulnerabilities...

Symfony Patches PATH_INFO Parsing Flaw Leading to Authorization Bypass (CVE-2025-64500) Symfony Path Info Flaw, Authorization Bypass

Symfony Path Info Flaw, Authorization Bypass

Symfony Patches PATH_INFO Parsing Flaw Leading to Authorization Bypass (CVE-2025-64500)

Do Son November 15, 2025

The Symfony project has released security updates to address a newly disclosed vulnerability affecting its widely used...

Cisco Warns of High-Severity Privilege Escalation Flaw (CVE-2025-20341) in Catalyst Center Virtual Appliance Cisco Catalyst EoP, CVE-2025-20341

Cisco Catalyst EoP, CVE-2025-20341

Cisco Warns of High-Severity Privilege Escalation Flaw (CVE-2025-20341) in Catalyst Center Virtual Appliance

Do Son November 15, 2025

A newly disclosed high-severity vulnerability in the Cisco Catalyst Center Virtual Appliance could allow attackers with low-level...

ZERO-DAY ATTACK WARNING: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access!

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

ZERO-DAY ATTACK WARNING: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access!

Do Son November 14, 2025

Cybersecurity firms are sounding the alarm over a critical vulnerability in Fortinet FortiWeb, the company’s Web Application...

Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Allows Unauthenticated Remote Access ASUS DSL Router, Authentication Bypass Cyclops Blink malware

ASUS DSL Router, Authentication Bypass Cyclops Blink malware

Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Allows Unauthenticated Remote Access

Do Son November 14, 2025

ASUS has released an urgent security advisory addressing a critical authentication bypass vulnerability affecting several models in...

High-Severity NVIDIA NeMo Framework Flaws Allow Code Injection and Privilege Escalation in AI Pipelines

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

High-Severity NVIDIA NeMo Framework Flaws Allow Code Injection and Privilege Escalation in AI Pipelines

Do Son November 14, 2025

NVIDIA has released an important security update for its NeMo Framework, addressing two high-severity vulnerabilities that expose...

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days Cisco ISE Zero-Day, Citrix Bleed Two

Cisco ISE Zero-Day, Citrix Bleed Two

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days

Do Son November 14, 2025

The Amazon Threat Intelligence team has uncovered a highly sophisticated threat campaign exploiting multiple zero-day vulnerabilities in...

Critical Zoho Analytics Plus Flaw (CVE-2025-8324, CVSS 9.8) Allows Unauthenticated SQL Injection and Data Takeover Zoho Analytics Plus RCE, Unauthenticated SQLi

Zoho Analytics Plus RCE, Unauthenticated SQLi

Critical Zoho Analytics Plus Flaw (CVE-2025-8324, CVSS 9.8) Allows Unauthenticated SQL Injection and Data Takeover

Do Son November 14, 2025

Zoho Corporation has released an urgent security advisory addressing a critical severity SQL injection vulnerability affecting Analytics...

PAN-OS Flaw (CVE-2025-4619) Allows Unauthenticated Firewall Reboot via Single Crafted Packet PAN-OS DoS, Unauthenticated Reboot

PAN-OS DoS, Unauthenticated Reboot

PAN-OS Flaw (CVE-2025-4619) Allows Unauthenticated Firewall Reboot via Single Crafted Packet

Do Son November 13, 2025

Palo Alto Networks has issued a security advisory for a newly discovered denial-of-service (DoS) vulnerability affecting several...

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Do Son November 13, 2025

GitLab has released a new round of security updates for both Community Edition (CE) and Enterprise Edition...

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation

Do Son November 13, 2025

Dell has issued a security advisory warning customers of a critical severity vulnerability affecting Dell Data Lakehouse...