Critical Alert 1 Active Exploit Detected Today

CVE-2026-48558 — SimpleHelp Authentication Bypass Vulnerability →

Powered by CVE Watchtower

×

Prompt injection

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136) Cursor Vulnerability, MCP Security

Cursor Vulnerability, MCP Security

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136)

Do Son August 4, 2025

Cursor, an AI-powered code editor that promises to “understand your codebase and help you code faster,” has...

EchoLeak: First AI Zero-Click Vulnerability Leaks Data from Microsoft 365 Copilot AI Security, Data Exfiltration

AI Security, Data Exfiltration

EchoLeak: First AI Zero-Click Vulnerability Leaks Data from Microsoft 365 Copilot

Do Son June 13, 2025

In the age of artificial intelligence, a multitude of AI agents has emerged, yet their rapid proliferation...

Toxic Agent Flow: GitHub MCP Vulnerability Exposes Private Repositories GitHub MCP vulnerability AI agent hijacking

GitHub MCP vulnerability AI agent hijacking

Toxic Agent Flow: GitHub MCP Vulnerability Exposes Private Repositories

Do Son May 28, 2025

Invariant Labs has revealed a critical vulnerability in the widely used GitHub MCP server that enables attackers...

Critical Flaws in AI Browse Agents: Exposed to Credential Theft and Hijacking Prompt injection, agent hijacking

Prompt injection, agent hijacking

Critical Flaws in AI Browse Agents: Exposed to Credential Theft and Hijacking

Do Son May 22, 2025

As AI-powered browsing agents increasingly automate complex web tasks—from booking travel to managing emails—they’re becoming both indispensable...

AI Jailbreaks Expose Systemic Vulnerability in Generative AI Platforms AI Jailbreak Generative AI

AI Jailbreak Generative AI

AI Jailbreaks Expose Systemic Vulnerability in Generative AI Platforms

Do Son April 25, 2025

A newly disclosed vulnerability note from the CERT Coordination Center (CERT/CC) has shed light on two systemic...

Google’s Agentic AI Security Team Develops Framework to Combat Prompt Injection Attacks Gemini AI Prompt injection

Gemini AI Prompt injection

Google’s Agentic AI Security Team Develops Framework to Combat Prompt Injection Attacks

Do Son January 29, 2025

Google’s Agentic AI Security Team announced in a recent blog post that they have developed a new...

ChatGPT’s New Feature Allows Hackers to Steal Your Data prompt injection attack

prompt injection attack

ChatGPT’s New Feature Allows Hackers to Steal Your Data

Do Son November 15, 2023

Users of the premium service ChatGPT Plus can now benefit from an integrated Python interpreter, which simplifies...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-48558CVSS 10.0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
CVE-2026-46817CVSS 9.8
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
Admin intel📅 Updated: Jun 29, 2026
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel📅 Updated: Jun 25, 2026
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CISA KEV📅 Added to KEV: Jun 25, 2026
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026