Critical Alert 3 Active Exploits Detected Today

CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability →
CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability →
CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability →
Powered by CVE Watchtower
×

Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →
Powered by CVE WATCHTOWER
×
June 10, 2026

Critical Vulnerability

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication UniFi Access Bypass, CVE-2025-52665

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication

Do Son October 27, 2025 0
Ubiquiti has released a security update to address a critical authentication bypass vulnerability (CVE-2025-52665) in its UniFi...
Read More Read more about Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication
CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover AutomationDirect Critical RCE, PLC Vulnerabilities

CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover

Do Son October 26, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of multiple high-severity vulnerabilities affecting...
Read More Read more about CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover
ISC Patches Multiple High-Severity BIND Vulnerabilities Enabling Cache Poisoning and Denial of Service Attacks BIND 9 Vulnerability CVE-2025-13878 BIND Cache Poisoning, DNS RCE BIND Vulnerabilities, DNS Security BIND 9 vulnerabilities BIND vulnerability, DNS server crash

ISC Patches Multiple High-Severity BIND Vulnerabilities Enabling Cache Poisoning and Denial of Service Attacks

Do Son October 23, 2025 0
The Internet Systems Consortium (ISC) has issued patches for three high-severity vulnerabilities impacting the BIND 9 DNS...
Read More Read more about ISC Patches Multiple High-Severity BIND Vulnerabilities Enabling Cache Poisoning and Denial of Service Attacks
Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available WSUS Deserialization RCE, CVE-2025-59287

Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available

Do Son October 23, 2025 0
Security researcher Batuhan Er from HawkTrace has detailed a critical remote code execution (RCE) vulnerability in Microsoft...
Read More Read more about Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available
CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access Raisecom Critical Auth Bypass, EoL Router

CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access

Do Son October 23, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability...
Read More Read more about CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access
Critical Sauter AG Flaw (CVE-2025-41723, CVSS 9.8) Allows Unauthenticated File Upload via SOAP Interface Sauter Critical Directory Traversal, Hard-Coded Certificate

Critical Sauter AG Flaw (CVE-2025-41723, CVSS 9.8) Allows Unauthenticated File Upload via SOAP Interface

Do Son October 22, 2025 0
Swiss building automation manufacturer Sauter AG has disclosed six vulnerabilities in the embedded firmware of its modulo...
Read More Read more about Critical Sauter AG Flaw (CVE-2025-41723, CVSS 9.8) Allows Unauthenticated File Upload via SOAP Interface
Critical ABB Flaw (CVE-2025-9574, CVSS 9.9) Exposes EoL Load Controllers to Unauthenticated Admin Access ABB Missing Authentication, EoL ICS

Critical ABB Flaw (CVE-2025-9574, CVSS 9.9) Exposes EoL Load Controllers to Unauthenticated Admin Access

Do Son October 22, 2025 0
Industrial automation giant ABB has disclosed a critical missing authentication vulnerability (CVE-2025-9574) affecting its ALS-mini-S4/S8 IP intelligent...
Read More Read more about Critical ABB Flaw (CVE-2025-9574, CVSS 9.9) Exposes EoL Load Controllers to Unauthenticated Admin Access
WSO2 Fixes Two Critical Access Control Vulnerabilities (CVE-2025-9804, CVE-2025-10611) Affecting API Manager and Identity Server WSO2 Access Control, Critical API Flaws

WSO2 Fixes Two Critical Access Control Vulnerabilities (CVE-2025-9804, CVE-2025-10611) Affecting API Manager and Identity Server

Do Son October 22, 2025 0
The WSO2 project has released urgent security advisories addressing two critical access control vulnerabilitiesβ€”CVE-2025-9804 and CVE-2025-10611β€”that affect...
Read More Read more about WSO2 Fixes Two Critical Access Control Vulnerabilities (CVE-2025-9804, CVE-2025-10611) Affecting API Manager and Identity Server
Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation Lanscope RCE, CVE-2025-61932

Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation

Do Son October 21, 2025 0
JPCERT/CC and the developer MOTEX Inc. have issued an urgent advisory for a critical remote code execution...
Read More Read more about Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation
Critical TP-Link Omada Gateway Flaw (CVE-2025-6542, CVSS 9.3) Allows Unauthenticated Remote Command Execution Archer MR600 command injection WireGuard client configuration Tapo smart device vulnerability unencrypted Bluetooth transmission TP-Link router vulnerability CVE-2026-5509 patch Archer AX53 Vulnerability TP-Link Router Security Tapo C520WS Vulnerability TP-Link Security Patch TP-Link Archer NX Router Vulnerability TP-Link Archer Vulnerability CVE-2025-15568 TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

Critical TP-Link Omada Gateway Flaw (CVE-2025-6542, CVSS 9.3) Allows Unauthenticated Remote Command Execution

Do Son October 21, 2025 0
TP-Link Systems has released a new firmware update addressing four high- and critical-severity vulnerabilities in its popular...
Read More Read more about Critical TP-Link Omada Gateway Flaw (CVE-2025-6542, CVSS 9.3) Allows Unauthenticated Remote Command Execution
Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling Squid Credentials Leak, HTTP Authentication Redaction CVE-2024-25111

Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling

Do Son October 20, 2025 0
The developers of Squid, the widely used open-source caching proxy for web traffic acceleration, have disclosed and...
Read More Read more about Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling
Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret

Do Son October 20, 2025 0
Moxa, a leading manufacturer of industrial networking and security appliances, has released an urgent security advisory addressing...
Read More Read more about Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret
Critical ConnectWise Automate Flaw (CVE-2025-11492, CVSS 9.6) Allows RMM Agent Man-in-the-Middle Attack ConnectWise RMM MitM, Agent Communications

Critical ConnectWise Automate Flaw (CVE-2025-11492, CVSS 9.6) Allows RMM Agent Man-in-the-Middle Attack

Do Son October 17, 2025 0
ConnectWise has released a critical security update for its Automate remote monitoring and management (RMM) platform, addressing...
Read More Read more about Critical ConnectWise Automate Flaw (CVE-2025-11492, CVSS 9.6) Allows RMM Agent Man-in-the-Middle Attack
CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation CVE-2021-1435 Adobe AEM RCE, CVE-2025-54253

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation

Do Son October 16, 2025 0
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager (AEM) vulnerability to...
Read More Read more about CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation
Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs CVE-2023-0614 Samba RCE, CVE-2025-10230

Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs

Do Son October 16, 2025 0
The Samba Team has released an urgent security advisory addressing two vulnerabilities, including a critical command injection...
Read More Read more about Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs
Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution

Do Son October 16, 2025 0
The Apache Software Foundation has issued a new security advisory addressing a critical vulnerability in Apache ActiveMQ’s...
Read More Read more about Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution
Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config ROS# Path Traversal CVE-2026-41551 Siemens SIMATIC Auth Bypass, CVE-2025-40771 CVE-2024-22039 & CVE-2024-49775 CVE-2024-56336

Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config

Do Son October 15, 2025 0
Siemens has released a critical security update for its SIMATIC ET 200SP communication processors, addressing an authentication...
Read More Read more about Critical Siemens Flaw CVE-2025-40771 (CVSS 9.8) Allows Unauthenticated Remote Access to SIMATIC CP Config
Critical Rockwell NAT Router Flaw (CVE-2025-7328, CVSS 10.0) Allows Unauthenticated Admin Takeover Rockwell Automation Warning OT Security Rockwell SQLi, Industrial Safety DoS Verve Asset Manager API OT Privilege Escalation Rockwell NAT Router, Critical Auth Bypass Rockwell ICS Privilege Escalation, MSI Repair Attack CVE-2025-7353 Critical vulnerability, industrial control systems Rockwell vulnerability, ICS security Rockwell Arena, Memory Abuse Rockwell Automation, RCE Vulnerability CVE-2025-24479 and CVE-2025-24480 - CVE-2025-0477

Critical Rockwell NAT Router Flaw (CVE-2025-7328, CVSS 10.0) Allows Unauthenticated Admin Takeover

Do Son October 15, 2025 0
Rockwell Automation has published a new security advisory warning customers about three vulnerabilities affecting its 1783-NATR Network...
Read More Read more about Critical Rockwell NAT Router Flaw (CVE-2025-7328, CVSS 10.0) Allows Unauthenticated Admin Takeover