Critical Alert 3 Active Exploits Detected Today

CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability →
CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability →
CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability →
Powered by CVE Watchtower
×

Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →
Powered by CVE WATCHTOWER
×
June 10, 2026

Critical Vulnerability

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking

Do Son November 11, 2025 0
Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent...
Read More Read more about Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking
Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials

Do Son November 11, 2025 0
A critical configuration flaw (CVE-2025-59396) has been discovered in WatchGuard Firebox devices, allowing remote attackers to gain...
Read More Read more about Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials
Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server Smallworld Auth Bypass, GE Vernova ICS Flaw

Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server

Do Son November 11, 2025 0
GE Vernova’s Electrification Software division has released a critical security advisory addressing a high-severity authentication vulnerability (CVE-2025-3222)...
Read More Read more about Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server
High-Severity Cisco ISE Flaw (CVE-2025-20343) Allows Unauthenticated DoS via Crafted RADIUS Requests Cisco ISE RADIUS DoS, CVE-2025-20343

High-Severity Cisco ISE Flaw (CVE-2025-20343) Allows Unauthenticated DoS via Crafted RADIUS Requests

Do Son November 7, 2025 0
Cisco has released a security update to address a high-severity vulnerability (CVE-2025-20343, CVSS 8.6) affecting its Identity...
Read More Read more about High-Severity Cisco ISE Flaw (CVE-2025-20343) Allows Unauthenticated DoS via Crafted RADIUS Requests
Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor

Do Son November 6, 2025 0
Cisco has released urgent security updates to address two critical vulnerabilities in its Unified Contact Center Express...
Read More Read more about Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor
Django Team Patches High-Severity SQL Injection Flaw (CVE-2025-64459) and DoS Bug (CVE-2025-64458) in Latest Security Update Django SQL Injection, CVE-2025-64459

Django Team Patches High-Severity SQL Injection Flaw (CVE-2025-64459) and DoS Bug (CVE-2025-64458) in Latest Security Update

Do Son November 6, 2025 0
The Django Software Foundation (DSF) has released new security updates for multiple branches of the Django web...
Read More Read more about Django Team Patches High-Severity SQL Injection Flaw (CVE-2025-64459) and DoS Bug (CVE-2025-64458) in Latest Security Update
CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation VizAir RCE, Airport Weather Manipulation

CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation

Do Son November 6, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory detailing three vulnerabilities in the...
Read More Read more about CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation
CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover Survision LPR Auth Bypass, CVE-2025-12108

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover

Do Son November 6, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting...
Read More Read more about CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover
Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server React Native RCE, Metro Server Flaw

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server

Do Son November 5, 2025 0
A newly disclosed critical vulnerability (CVE-2025-11953, CVSS 9.8) in the React Native Community CLI exposes developers to...
Read More Read more about Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server
Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect ShopLentor LFI RCE, WooCommerce Plugin Flaw

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect

Do Son November 5, 2025 0
A critical-severity Local File Inclusion (LFI) flaw in the popular WordPress plugin ShopLentor – WooCommerce Builder for...
Read More Read more about Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect
Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover

Do Son November 1, 2025 0
An extremely severe security vulnerability has been discovered and is being actively exploited in the Jobmonster –...
Read More Read more about Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover
Researcher Details Critical Authentication Bypasses in WSO2 API Manager and Identity Server WSO2 Critical Auth Bypass, Regex Flaw

Researcher Details Critical Authentication Bypasses in WSO2 API Manager and Identity Server

Do Son October 30, 2025 0
Security researcher Crnkovic has disclosed three critical vulnerabilities β€” CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 β€” in WSO2 API...
Read More Read more about Researcher Details Critical Authentication Bypasses in WSO2 API Manager and Identity Server
CISA KEV Alert: Critical DELMIA Apriso Flaws Under Active Exploitation Allow RCE and Privileged Access actively exploited vulnerabilities Android privilege escalation flaw DELMIA Apriso RCE, CISA KEV Exploitation ServiceNow Vulnerabilities

CISA KEV Alert: Critical DELMIA Apriso Flaws Under Active Exploitation Allow RCE and Privileged Access

Do Son October 29, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Dassault Systèmes DELMIA Apriso vulnerabilities to...
Read More Read more about CISA KEV Alert: Critical DELMIA Apriso Flaws Under Active Exploitation Allow RCE and Privileged Access
Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics Maximo Cognos Bypass, CVE-2025-36386

Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics

Do Son October 29, 2025 0
IBM has issued a critical security advisory warning customers of a high-severity vulnerability (CVE-2025-36386, CVSS 9.8) in...
Read More Read more about Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics
Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig MikroTik HTTP Credential Leak, WebFig MitM CVE-2025-61481

Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig

Do Son October 29, 2025 0
A newly disclosed vulnerability, CVE-2025-61481, rated a maximum CVSS score of 10.0, affects MikroTik RouterOS (v7.14.2) and...
Read More Read more about Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig
CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection

Do Son October 27, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for two high-severity vulnerabilities affecting the...
Read More Read more about CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection