Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →
Powered by CVE WATCHTOWER
×
June 10, 2026

Vulnerability Report

Researcher Details Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw (CVE-2025-55680) Cloud Files Driver LPE, TOCTOU Race Condition

Researcher Details Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw (CVE-2025-55680)

Do Son October 30, 2025 0
Researchers from Exodus Intelligence, led by Michele Campa, have disclosed a privilege-escalation vulnerability in Microsoft’s Cloud Files...
Read More Read more about Researcher Details Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw (CVE-2025-55680)
CISA KEV Alert: Critical DELMIA Apriso Flaws Under Active Exploitation Allow RCE and Privileged Access actively exploited vulnerabilities Android privilege escalation flaw DELMIA Apriso RCE, CISA KEV Exploitation ServiceNow Vulnerabilities

CISA KEV Alert: Critical DELMIA Apriso Flaws Under Active Exploitation Allow RCE and Privileged Access

Do Son October 29, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Dassault Systèmes DELMIA Apriso vulnerabilities to...
Read More Read more about CISA KEV Alert: Critical DELMIA Apriso Flaws Under Active Exploitation Allow RCE and Privileged Access
Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics Maximo Cognos Bypass, CVE-2025-36386

Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics

Do Son October 29, 2025 0
IBM has issued a critical security advisory warning customers of a high-severity vulnerability (CVE-2025-36386, CVSS 9.8) in...
Read More Read more about Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics
Wear OS Messages Flaw (CVE-2025-12080) Allows Unprivileged Apps to Send SMS/RCS Without Permission, PoC Available Wear OS Messages Intent, Confused Deputy SMS

Wear OS Messages Flaw (CVE-2025-12080) Allows Unprivileged Apps to Send SMS/RCS Without Permission, PoC Available

Do Son October 29, 2025 0
Security researcher Gabriele Digregorio has disclosed a newly identified vulnerability in Google Messages for Wear OS, designated...
Read More Read more about Wear OS Messages Flaw (CVE-2025-12080) Allows Unprivileged Apps to Send SMS/RCS Without Permission, PoC Available
Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE Magento SessionReaper, RCE Exploitation

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE

Do Son October 29, 2025 0
The Akamai Security Intelligence Group has issued an urgent warning after observing active exploitation in the wild...
Read More Read more about Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE
Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig MikroTik HTTP Credential Leak, WebFig MitM CVE-2025-61481

Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig

Do Son October 29, 2025 0
A newly disclosed vulnerability, CVE-2025-61481, rated a maximum CVSS score of 10.0, affects MikroTik RouterOS (v7.14.2) and...
Read More Read more about Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig
Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign spyware

Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign

Do Son October 28, 2025 0
Researchers at Kaspersky uncovered a sophisticated espionage campaign exploiting a zero-day vulnerability in Google Chrome and delivering...
Read More Read more about Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign
High-Severity OpenVPN Flaw (CVE-2025-10680) Allows Script Injection on Linux/macOS via Malicious DNS Server OpenVPN Script Injection CVE-2025-10680

High-Severity OpenVPN Flaw (CVE-2025-10680) Allows Script Injection on Linux/macOS via Malicious DNS Server

Do Son October 28, 2025 0
Security researchers have disclosed a high-severity vulnerability, tracked as CVE-2025-10680 (CVSS 8.8), affecting OpenVPN 2.7_alpha1 through 2.7_beta1...
Read More Read more about High-Severity OpenVPN Flaw (CVE-2025-10680) Allows Script Injection on Linux/macOS via Malicious DNS Server
Apache Tomcat Patches URL Rewrite Bypass (CVE-2025-55752) Risking RCE and Console ANSI Injection Tomcat URL Rewrite Bypass, ANSI Escape Injection

Apache Tomcat Patches URL Rewrite Bypass (CVE-2025-55752) Risking RCE and Console ANSI Injection

Do Son October 28, 2025 0
The Apache Software Foundation has released multiple security patches for Apache Tomcat, addressing three newly disclosed vulnerabilities...
Read More Read more about Apache Tomcat Patches URL Rewrite Bypass (CVE-2025-55752) Risking RCE and Console ANSI Injection
CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection

Do Son October 27, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for two high-severity vulnerabilities affecting the...
Read More Read more about CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection
OpenWrt Patches ubusd RCE Flaw (CVE-2025-62526) and Kernel Memory Leak (CVE-2025-62525) in DSL Driver OpenWrt Ubusd RCE, Kernel Memory Leak

OpenWrt Patches ubusd RCE Flaw (CVE-2025-62526) and Kernel Memory Leak (CVE-2025-62525) in DSL Driver

Do Son October 27, 2025 0
The OpenWrt Project has patched two high-severity vulnerabilities affecting its Linux-based firmware for embedded devices. The flaws,...
Read More Read more about OpenWrt Patches ubusd RCE Flaw (CVE-2025-62526) and Kernel Memory Leak (CVE-2025-62525) in DSL Driver
CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover AutomationDirect Critical RCE, PLC Vulnerabilities

CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover

Do Son October 26, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of multiple high-severity vulnerabilities affecting...
Read More Read more about CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover