Critical Alert 1 Active Exploit Detected Today

CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability →
Powered by CVE Watchtower
×
June 7, 2026

Authentication Bypass

Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server Smallworld Auth Bypass, GE Vernova ICS Flaw

Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server

Do Son November 11, 2025 0
GE Vernova’s Electrification Software division has released a critical security advisory addressing a high-severity authentication vulnerability (CVE-2025-3222)...
Read More Read more about Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server
Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor

Do Son November 6, 2025 0
Cisco has released urgent security updates to address two critical vulnerabilities in its Unified Contact Center Express...
Read More Read more about Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor
CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover Survision LPR Auth Bypass, CVE-2025-12108

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover

Do Son November 6, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting...
Read More Read more about CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover
Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover

Do Son November 1, 2025 0
An extremely severe security vulnerability has been discovered and is being actively exploited in the Jobmonster –...
Read More Read more about Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover
Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics Maximo Cognos Bypass, CVE-2025-36386

Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics

Do Son October 29, 2025 0
IBM has issued a critical security advisory warning customers of a high-severity vulnerability (CVE-2025-36386, CVSS 9.8) in...
Read More Read more about Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics
Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication UniFi Access Bypass, CVE-2025-52665

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication

Do Son October 27, 2025 0
Ubiquiti has released a security update to address a critical authentication bypass vulnerability (CVE-2025-52665) in its UniFi...
Read More Read more about Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication
CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access Raisecom Critical Auth Bypass, EoL Router

CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access

Do Son October 23, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability...
Read More Read more about CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access
Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret

Do Son October 20, 2025 0
Moxa, a leading manufacturer of industrial networking and security appliances, has released an urgent security advisory addressing...
Read More Read more about Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret
Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config ROS# Path Traversal CVE-2026-41551 Siemens SIMATIC Auth Bypass, CVE-2025-40771 CVE-2024-22039 & CVE-2024-49775 CVE-2024-56336

Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config

Do Son October 15, 2025 0
Siemens has released a critical security update for its SIMATIC ET 200SP communication processors, addressing an authentication...
Read More Read more about Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config
Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin

Do Son October 8, 2025 0
Security researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass vulnerability in...
Read More Read more about Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin
Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication Termix

Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication

Do Son October 2, 2025 0
The Termix project has disclosed a critical authentication bypass vulnerability in its official Docker image, exposing sensitive...
Read More Read more about Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication