Critical Alert 1 Active Exploit Detected Today

CVE-2026-9082 — Drupal Core SQL Injection Vulnerability →

Powered by CVE Watchtower

×

Account Takeover

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover bui

bui

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover

Ddos May 20, 2026

Sentry’s 9.1 CVSS SSO Flaw Lets Attackers “Link” Their Way Into Your Account Sentry SAML SSO Bypass CVE-2026-42354

Sentry SAML SSO Bypass CVE-2026-42354

Sentry’s 9.1 CVSS SSO Flaw Lets Attackers “Link” Their Way Into Your Account

Ddos May 4, 2026

CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover Comet Backup IDOR Cross-Tenant Takeover

Comet Backup IDOR Cross-Tenant Takeover

CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover

Ddos May 4, 2026

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover WordPress Account Takeover CVE-2026-7567

WordPress Account Takeover CVE-2026-7567

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover

Ddos May 2, 2026

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground

Ddos April 15, 2026

Attackers Weaponize Mailbox Rules to Control Your Inbox M365 Persistence Malicious Mailbox Rules

M365 Persistence Malicious Mailbox Rules

Attackers Weaponize Mailbox Rules to Control Your Inbox

Ddos April 15, 2026

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call Cisco IMC Vulnerability CVE-2026-20093 CVE-2024-20401 Cisco IOS XE Privilege Escalation

Cisco IMC Vulnerability CVE-2026-20093 CVE-2024-20401 Cisco IOS XE Privilege Escalation

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call

Ddos April 2, 2026

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp

Ddos March 10, 2026

1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover

Ddos March 9, 2026

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers Vikunja Persistent Takeover CVE-2026-28268

Vikunja Persistent Takeover CVE-2026-28268

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers

Ddos March 2, 2026

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers RustFS XSS Vulnerability CVE-2026-27822

RustFS XSS Vulnerability CVE-2026-27822

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers

Ddos February 27, 2026

Algorithm Confusion: Critical 9.1 Flaw in Parse Server Allows Instant Google Account Takeover CVE-2023-36475 Parse Server JWT Bypass CVE-2026-27804

CVE-2023-36475 Parse Server JWT Bypass CVE-2026-27804

Algorithm Confusion: Critical 9.1 Flaw in Parse Server Allows Instant Google Account Takeover

Ddos February 26, 2026

“CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data CL Suite Malicious Extension Meta Business Suite Security

CL Suite Malicious Extension Meta Business Suite Security

“CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data

Ddos February 17, 2026

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust Telegram Phishing Account Takeover

Telegram Phishing Account Takeover

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust

Ddos February 13, 2026

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts

Archer AX53 Vulnerability TP-Link Router Security Tapo C520WS Vulnerability TP-Link Security Patch TP-Link Archer NX Router Vulnerability TP-Link Archer Vulnerability CVE-2025-15568 TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts

Ddos January 29, 2026

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover Academy LMS Vulnerability CVE-2025-15521

Academy LMS Vulnerability CVE-2025-15521

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover

Ddos January 22, 2026

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Ddos January 15, 2026

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover CVE-2026-24042 Appsmith Vulnerability CVE-2026-22794

CVE-2026-24042 Appsmith Vulnerability CVE-2026-22794

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover

Ddos January 14, 2026

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes CVE-2023-39526 PrestaShop

CVE-2023-39526 PrestaShop

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes

Ddos January 5, 2026

Search Engine “Malvertising” Ring Disrupted: DOJ Seizes Backend of $14.6 Million Bank Fraud Scheme Malvertising ATO

Malvertising ATO

Search Engine “Malvertising” Ring Disrupted: DOJ Seizes Backend of $14.6 Million Bank Fraud Scheme

Ddos December 24, 2025