Critical Alert 1 Active Exploit Detected Today

CVE-2026-0257 — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability →

Powered by CVE Watchtower

×

Vulnerability

Chrome Zero-Day: Exploit in the Wild and PoC Released Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day: Exploit in the Wild and PoC Released

Ddos August 25, 2025

A high-severity zero-day vulnerability in Google Chrome’s V8 JavaScript engine, tracked as CVE-2025-5419, has been exposed, with...

Critical Docker Desktop Vulnerability Exposes Host Systems to Container Abuse Docker Malware Campaign Docker Vulnerability CVE-2025-9074

Docker Malware Campaign Docker Vulnerability CVE-2025-9074

Critical Docker Desktop Vulnerability Exposes Host Systems to Container Abuse

Ddos August 20, 2025

A critical vulnerability in Docker Desktop has been disclosed, tracked as CVE-2025-9074 with a CVSSv4 severity score...

New Zero-Click Flaw Bypasses Microsoft’s Patch, Leaking NTLM Credentials, PoC Available Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

New Zero-Click Flaw Bypasses Microsoft’s Patch, Leaking NTLM Credentials, PoC Available

Ddos August 13, 2025

Cymulate Research Labs has uncovered a critical zero-click NTLM credential leakage vulnerability—CVE-2025-50154—that bypasses Microsoft’s April 2025 patch...

Critical macOS Flaw (CVSS 9.8) Bypasses TCC Without Root Access: PoC Published macOS TCC Bypass, InstallAssistant Vulnerability

macOS TCC Bypass, InstallAssistant Vulnerability

Critical macOS Flaw (CVSS 9.8) Bypasses TCC Without Root Access: PoC Published

Ddos August 11, 2025

Security researcher Zhongquan Li has uncovered a critical flaw in macOS InstallAssistant, tracked as CVE-2025-24103 with a...

Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Connect EV Stations Allows Remote Code Execution

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Connect EV Stations Allows Remote Code Execution

Ddos August 7, 2025

Ubiquiti has issued a comprehensive security advisory addressing multiple vulnerabilities in its UniFi Connect product line, affecting...

VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published VirtualBox Escape, Integer Overflow

VirtualBox Escape, Integer Overflow

VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published

Ddos August 6, 2025

Security researcher Juan Jose Lopez Jaimez published the technical details and proof-of-concept exploit code for a vulnerability...

Critical Dell DD OS Flaw (CVSS 9.8) Allows Unauthenticated Remote Access Dell DD OS Vulnerability, Authentication Bypass Dell SmartFabric OS10 Vulnerabilities

Dell DD OS Vulnerability, Authentication Bypass Dell SmartFabric OS10 Vulnerabilities

Critical Dell DD OS Flaw (CVSS 9.8) Allows Unauthenticated Remote Access

Ddos August 5, 2025

Dell Technologies has released an urgent security advisory addressing multiple vulnerabilities affecting its PowerProtect Data Domain Operating...

Critical Rtpengine Flaws (CVE-2025-53399) Allow Audio Interception and Injection in VoIP Calls, PoC Publishes Rtpengine Vulnerabilities, VoIP Security

Rtpengine Vulnerabilities, VoIP Security

Critical Rtpengine Flaws (CVE-2025-53399) Allow Audio Interception and Injection in VoIP Calls, PoC Publishes

Ddos July 31, 2025

Enable Security has disclosed critical vulnerabilities in Rtpengine, a popular media relay component used in Voice over...

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available! SUSE Manager, Remote Code Execution

SUSE Manager, Remote Code Execution

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available!

Ddos July 31, 2025

SUSE has issued a high-severity security advisory for CVE-2025-46811, a critical vulnerability in SUSE Manager that allows...

Elastic APM Server & Beats Have Local Privilege Escalation Flaws Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic APM Server & Beats Have Local Privilege Escalation Flaws

Ddos July 30, 2025

Elastic has issued patches for two local privilege escalation (LPE) vulnerabilities affecting its popular observability tools—APM Server...

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft BentoML SSRF, AI Application Security

BentoML SSRF, AI Application Security

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Ddos July 30, 2025

A severe server-side request forgery (SSRF) vulnerability has been disclosed in BentoML, a widely used Python framework...

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security ASUS MyASUS, Token Theft

ASUS MyASUS, Token Theft

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security

Ddos July 29, 2025

ASUS has issued security updates to patch two vulnerabilities in its MyASUS software, a pre-installed utility application...

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk

Ddos July 29, 2025

Developers relying on CodeIgniter, one of the most widely adopted PHP full-stack web frameworks with over 2.9...

Bitnami Helm Chart Flaw (CVSS 10.0) Exposes Kubernetes Secrets: Publicly Accessible & Exploitable Remotely Bitnami Helm Chart, Kubernetes Secrets

Bitnami Helm Chart, Kubernetes Secrets

Bitnami Helm Chart Flaw (CVSS 10.0) Exposes Kubernetes Secrets: Publicly Accessible & Exploitable Remotely

Ddos July 24, 2025

A critical vulnerability in several Bitnami Helm charts has exposed sensitive Kubernetes secrets to unauthenticated web access,...

Critical Mitel MiVoice MX-ONE Flaw: Unauthenticated Authentication Bypass Exposed Mitel vulnerability Mitel MiVoice MX-ONE, Authentication Bypass

Mitel vulnerability Mitel MiVoice MX-ONE, Authentication Bypass

Critical Mitel MiVoice MX-ONE Flaw: Unauthenticated Authentication Bypass Exposed

Ddos July 24, 2025

Mitel has issued a security advisory addressing a critical-severity vulnerability in the Provisioning Manager component of its...

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770 SharePoint RCE, Metasploit Exploit

SharePoint RCE, Metasploit Exploit

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Ddos July 23, 2025

A newly released Metasploit module highlights the critical threat posed by an actively exploited remote code execution...

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Ddos July 23, 2025

SonicWall has issued a critical security advisory for a newly identified vulnerability—CVE-2025-40599—affecting its SMA 100 series appliances,...

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Ddos July 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Schneider Electric, has issued a security advisory...

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes

Ddos July 22, 2025

The Kubernetes project has issued an important advisory addressing a critical vulnerability—CVE-2025-7342 (CVSS 8.1)—in the Kubernetes Image...

Windows Zero-Day Actively Exploited by Ransomware Gangs – PoC Available!

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Windows Zero-Day Actively Exploited by Ransomware Gangs – PoC Available!

Ddos July 21, 2025

In April 2025, Microsoft issued a critical security patch addressing a serious vulnerability in the Windows Common...