Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

Vulnerability Report

NVIDIA Update: 14 Vulnerabilities Patched in GPU Drivers & vGPU Software

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Update: 14 Vulnerabilities Patched in GPU Drivers & vGPU Software

Do Son July 26, 2025

NVIDIA has released software security updates for its GPU Display Drivers and vGPU software across Windows, Linux,...

Critical Axios Flaw (CVE-2025-54371) in Form-Data Dependency Exposes Millions to HTTP Manipulation Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Critical Axios Flaw (CVE-2025-54371) in Form-Data Dependency Exposes Millions to HTTP Manipulation

Do Son July 25, 2025

Axios, the popular promise-based HTTP client for Node.js and browsers, has been found vulnerable through a critical...

400,000 WordPress Sites at Risk: CVE-2025-24000 in Post SMTP Plugin Allows Full Site Takeover WordPress Vulnerability, Post SMTP

WordPress Vulnerability, Post SMTP

400,000 WordPress Sites at Risk: CVE-2025-24000 in Post SMTP Plugin Allows Full Site Takeover

Do Son July 25, 2025

A vulnerability in the popular Post SMTP WordPress plugin—installed on over 400,000 websites—has been disclosed by Patchstack,...

High-Severity SQL Injection (CVE-2025-52914) in Mitel MiCollab Allows Data Access, Command Execution CVE-2024-35285 & CVE-2024-35286 Mitel MiCollab, SQL Injection Vulnerability

CVE-2024-35285 & CVE-2024-35286 Mitel MiCollab, SQL Injection Vulnerability

High-Severity SQL Injection (CVE-2025-52914) in Mitel MiCollab Allows Data Access, Command Execution

Do Son July 25, 2025

Mitel has released a security advisory addressing a high-severity SQL injection vulnerability in its MiCollab platform—an issue...

High-severity flaw (CVE-2025-8069) in AWS Client VPN for Windows Allows Privilege Escalation

Motorola Smart Feed redirect Anthropic Amazon 5GW partnership Amazon Perplexity lawsuit AWS-LC Vulnerabilities Cryptographic Bypass AWS Middle East drone strikes Amazon layoffs 2026, Amazon AI restructuring Amazon Kindle DRM Policy, Publisher Control EPUB AWS Nova Forge AI Model Customization AWS Trainium3 EC2 Trn3 UltraServer Route 53 Accelerated Recovery AWS DNS Resilience AI Browser War, Amazon Comet Amazon layoffs, cost reduction AWS outage, DynamoDB DNS AWS outage, cloud dependency AWS VPN Client, Root Privilege Escalation WSA shutdown, Amazon Appstore Amazon Wondery, Podcast Restructuring Amazon Q2 2025 Generative AI AWS Client VPN, Privilege Escalation Amazon AI, Wearable AI

High-severity flaw (CVE-2025-8069) in AWS Client VPN for Windows Allows Privilege Escalation

Do Son July 24, 2025

Amazon Web Services (AWS) has released a security patch for a high-severity local privilege escalation vulnerability (CVE-2025-8069)...

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately! SonicWall Firewall CVE-2024-40766 SonicWall SMA Vulnerabilities, Web Interface Flaws

SonicWall Firewall CVE-2024-40766 SonicWall SMA Vulnerabilities, Web Interface Flaws

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately!

Do Son July 24, 2025

SonicWall has released a security updates for its Secure Mobile Access (SMA) 100 series appliances, addressing three...

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Do Son July 24, 2025

In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX...

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

Archer MR600 command injection WireGuard client configuration Tapo smart device vulnerability unencrypted Bluetooth transmission TP-Link router vulnerability CVE-2026-5509 patch Archer AX53 Vulnerability TP-Link Router Security Tapo C520WS Vulnerability TP-Link Security Patch TP-Link Archer NX Router Vulnerability TP-Link Archer Vulnerability CVE-2025-15568 TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

Do Son July 24, 2025

TP-Link has issued a security advisory warning users of two critical operating system command injection vulnerabilities affecting...

Synology BeeDrive Flaws Allow Code Execution & Arbitrary File Deletion Synology BeeDrive, Local/Remote Code Execution

Synology BeeDrive, Local/Remote Code Execution

Synology BeeDrive Flaws Allow Code Execution & Arbitrary File Deletion

Do Son July 24, 2025

Synology has issued a security update to patch three significant vulnerabilities affecting the BeeDrive desktop application for...

Critical Flaw (CVE-2025-8070) in ASUSTOR Backup & EZSync Allows Local SYSTEM Privilege Escalation ASUSTOR Privilege Escalation, Unquoted Service Paths

ASUSTOR Privilege Escalation, Unquoted Service Paths

Critical Flaw (CVE-2025-8070) in ASUSTOR Backup & EZSync Allows Local SYSTEM Privilege Escalation

Do Son July 24, 2025

A newly disclosed vulnerability in ASUSTOR’s Windows-based applications—ASUSTOR Backup Plan (ABP) and ASUSTOR EZSync (AES)—could allow local...

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE Dahua IP Camera, Buffer Overflow Dahua IP cameras vulnerability

Dahua IP Camera, Buffer Overflow Dahua IP cameras vulnerability

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

Do Son July 24, 2025

Dahua Technology has issued a security advisory addressing two high-severity vulnerabilities in its IP camera product line,...

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise Samsung MagicINFO, Digital Signage Vulnerabilities

Samsung MagicINFO, Digital Signage Vulnerabilities

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Do Son July 24, 2025

Samsung’s widely used MagicINFO 9 Server, a digital signage management platform, was found multi security vulnerabilities. Security...

GitLab Update: High-Severity XSS & Data Exposure Flaws Patched GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Update: High-Severity XSS & Data Exposure Flaws Patched

Do Son July 23, 2025

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing multiple vulnerabilities—including high-severity...

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog CISA KEV, Zero-Day Exploitation

CISA KEV, Zero-Day Exploitation

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

Do Son July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE Form-Data Vulnerability, Multipart Injection

Form-Data Vulnerability, Multipart Injection

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

Do Son July 23, 2025

A critical vulnerability has been uncovered in the widely used JavaScript library Form-Data, impacting millions of applications...

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706) Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

Do Son July 23, 2025

Last week, the Microsoft Security Response Center (MSRC) issued an urgent advisory regarding active exploitation of critical...

Google Patches Two High-Severity V8 Vulnerabilities (CVE-2025-8010, CVE-2025-8011) in Chrome

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Patches Two High-Severity V8 Vulnerabilities (CVE-2025-8010, CVE-2025-8011) in Chrome

Do Son July 23, 2025

Google has released a new Stable Channel Update for Chrome Desktop, bringing the browser to version 138.0.7204.168/.169...

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover Manager.io SSRF, Accounting Software Vulnerability

Manager.io SSRF, Accounting Software Vulnerability

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Do Son July 23, 2025

A newly disclosed critical vulnerability in Manager.io, a free accounting software used by businesses across Australia and...

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately! Cisco ISE Exploitation

Cisco ISE Exploitation

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

Do Son July 22, 2025

Cisco has issued an urgent update to its security advisory, revealing that three critical remote code execution...

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes Sophos Firewall, Remote Code Execution

Sophos Firewall, Remote Code Execution

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes

Do Son July 22, 2025

Sophos has issued a security advisory detailing the remediation of five vulnerabilities in Sophos Firewall, including two...