Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

Vulnerability Report

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass

Do Son June 17, 2025

Gamers and PC enthusiasts relying on ASUS Armoury Crate to manage their high-performance systems are urged to...

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign Team46 APT, Google Chrome Zero-Day

Team46 APT, Google Chrome Zero-Day

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign

Do Son June 17, 2025

In a major revelation, the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC)...

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments MCP Inspector, RCE Vulnerability

MCP Inspector, RCE Vulnerability

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

Do Son June 17, 2025

A newly disclosed security flaw in the MCP Inspector, a tool designed to test and debug Machine...

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer sslh Vulnerabilities, DoS Attack

sslh Vulnerabilities, DoS Attack

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer

Do Son June 17, 2025

In June 2025, the SUSE Security Team disclosed critical vulnerabilities in sslh, a lightweight protocol multiplexer used...

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed Apache Tomcat Vulnerabilities

Apache Tomcat Vulnerabilities

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed

Do Son June 17, 2025

The Apache Software Foundation has disclosed four security vulnerabilities affecting multiple versions of Apache Tomcat, the widely...

Zero-Click to Root: CISA Flags Active Exploits in Apple iOS and TP-Link Routers zero

zero

Zero-Click to Root: CISA Flags Active Exploits in Apple iOS and TP-Link Routers

Do Son June 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk vulnerabilities to its Known Exploited...

OneLogin AD Connector Flaw Exposes Credentials & Allows Account Impersonation OneLogin Vulnerability, Active Directory Hack

OneLogin Vulnerability, Active Directory Hack

OneLogin AD Connector Flaw Exposes Credentials & Allows Account Impersonation

Do Son June 17, 2025

A recent investigation by SpecterOps has uncovered a chain of critical vulnerabilities in OneLogin’s Active Directory (AD)...

PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs PoCGen, LLM Exploit Generation

PoCGen, LLM Exploit Generation

PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs

Do Son June 17, 2025

A tool named PoCGen is revolutionizing how the security community generates Proof-of-Concept (PoC) exploits for vulnerabilities in...

Zyxel Firewalls Under Attack via Critical CVE-2023-28771 Zyxel Firewall, CVE-2023-28771

Zyxel Firewall, CVE-2023-28771

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

Do Son June 17, 2025

A sudden and coordinated wave of exploit attempts targeting a critical vulnerability in Zyxel firewalls has been...

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet CVE-2025-3248 PoC script execution

CVE-2025-3248 PoC script execution

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

Do Son June 16, 2025

Trend Micro has uncovered an active and sophisticated campaign exploiting a critical remote code execution (RCE) vulnerability...

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks Blink Router, Critical Vulnerabilities

Blink Router, Critical Vulnerabilities

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Do Son June 16, 2025

Five critical vulnerabilities—each scoring a CVSS of 9.8—have been disclosed in multiple models of Blink routers BL,...

CVE-2025-6029 & CVE-2025-6030: Replay Attacks Expose Vulnerabilities in KIA and Autoeastern Smart Keyless Entry Systems KIA

KIA

CVE-2025-6029 & CVE-2025-6030: Replay Attacks Expose Vulnerabilities in KIA and Autoeastern Smart Keyless Entry Systems

Do Son June 16, 2025

An independent hardware security researcher Danilo Erazo has unveiled two critical-severity vulnerabilities—CVE-2025-6029 and CVE-2025-6030—affecting smart keyless entry...

Privilege Escalation Flaw in IBM Backup Services Threatens IBM i Environments (CVE-2025-33108) IBM BRMS, Privilege Escalation

IBM BRMS, Privilege Escalation

Privilege Escalation Flaw in IBM Backup Services Threatens IBM i Environments (CVE-2025-33108)

Do Son June 16, 2025

IBM has disclosed a high-severity vulnerability affecting its Backup, Recovery, and Media Services (BRMS) for IBM i...

Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation

Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation

Do Son June 15, 2025

Researchers at NetSPI detailed a spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI). This flaw, while...

Windows SMB Flaw (CVE-2025-33073): SYSTEM Privilege Escalation via Kerberos, PoC Available Windows SMB, Privilege Escalation

Windows SMB, Privilege Escalation

Windows SMB Flaw (CVE-2025-33073): SYSTEM Privilege Escalation via Kerberos, PoC Available

Do Son June 14, 2025

A newly disclosed security vulnerability in the Windows SMB client, tracked as CVE-2025-33073, has raised significant concerns...

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys Grafana Vulnerability, DingDing CVE-2023-3128

Grafana Vulnerability, DingDing CVE-2023-3128

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

Do Son June 14, 2025

Grafana Labs has released a round of security patches to address CVE-2025-3415, a medium-severity vulnerability (CVSS 4.3)...

Mitel OpenScape Flaw (CVE-2025-23092): High-Severity Path Traversal Allows Admin RCE Mitel OpenScape, Path Traversal

Mitel OpenScape, Path Traversal

Mitel OpenScape Flaw (CVE-2025-23092): High-Severity Path Traversal Allows Admin RCE

Do Son June 14, 2025

A newly disclosed vulnerability in Mitel’s OpenScape Accounting Management platform has been assigned CVE-2025-23092 and rated High...

EchoLeak: First AI Zero-Click Vulnerability Leaks Data from Microsoft 365 Copilot AI Security, Data Exfiltration

AI Security, Data Exfiltration

EchoLeak: First AI Zero-Click Vulnerability Leaks Data from Microsoft 365 Copilot

Do Son June 13, 2025

In the age of artificial intelligence, a multitude of AI agents has emerged, yet their rapid proliferation...

CVE-2025-5491: Acer Control Center Bug Allows Remote Code Execution as NT AUTHORITY\SYSTEM Acer ControlCenter, Privilege Escalation

Acer ControlCenter, Privilege Escalation

CVE-2025-5491: Acer Control Center Bug Allows Remote Code Execution as NT AUTHORITY\SYSTEM

Do Son June 13, 2025

Acer has released a critical security update addressing a newly disclosed local privilege escalation vulnerability in its...

CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches Moxa Switches, DoS Vulnerability

Moxa Switches, DoS Vulnerability

CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches

Do Son June 13, 2025

Moxa has issued a high-severity security advisory for a newly discovered vulnerability—CVE-2024-9404—that affects its widely deployed PT-G7728...