Critical Alert 4 Active Exploits Detected Today

CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability →
CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability →
CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability →
CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability →
Powered by CVE Watchtower
×
June 23, 2026

Remote Code Execution

9.4 CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps Swiper npm Vulnerability CVE-2026-27212

9.4 CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps

Do Son February 24, 2026 0
If your web or mobile application relies on smooth, touch-friendly interfaces, there is a high probability you...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.4</span> CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps
Critical Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

Critical Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors

Do Son February 23, 2026 0
A critical security flaw in a widely used enterprise access platform is under active attack, prompting urgent...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">Critical</span> Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors
Critical Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE Calibre Vulnerability CVE-2026-26065 Calibre RCE, FB2 File Flaw

Critical Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE

Do Son February 23, 2026 0
Calibre, the highly popular, cross-platform e-book manager utilized by readers worldwide to view, convert, edit, and catalog...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">Critical</span> Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE
Critical The Dev Environment Trap: 128 Million Users at Risk as Top VS Code Extensions Unmask Critical Flaws VS Code extension vulnerabilities 2026

Critical The Dev Environment Trap: 128 Million Users at Risk as Top VS Code Extensions Unmask Critical Flaws

Do Son February 20, 2026 0
Ubiquitous extensions for Visual Studio Code, boasting a cumulative download count exceeding 128 million, have been unmasked...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">Critical</span> The Dev Environment Trap: 128 Million Users at Risk as Top VS Code Extensions Unmask Critical Flaws
9.3 PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access Grandstream VoIP Zero-Day CVE-2026-2329 PoC

9.3 PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access

Do Son February 20, 2026 0
If your office desks are equipped with Grandstream GXP1600 series phones, you might want to pause the...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.3</span> PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access
Critical Billions at Risk: Critical Windows Notepad Flaw Allows Remote Code Execution Windows Notepad Vulnerability CVE-2026-20841 Notepad Markdown Tables Copilot Streaming

Critical Billions at Risk: Critical Windows Notepad Flaw Allows Remote Code Execution

Do Son February 11, 2026 0
It is the quintessential “harmless” application: Windows Notepad. But a newly discovered vulnerability has turned this humble...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">Critical</span> Billions at Risk: Critical Windows Notepad Flaw Allows Remote Code Execution
9.8 Null Byte Nightmare: Critical WPvivid Backup Flaw (CVSS 9.8) Exposes 800K WordPress Sites WPvivid Backup Vulnerability CVE-2026-1357

9.8 Null Byte Nightmare: Critical WPvivid Backup Flaw (CVSS 9.8) Exposes 800K WordPress Sites

Do Son February 11, 2026 0
A critical security vulnerability has been discovered in WPvivid Backup, a popular WordPress plugin used by over...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.8</span> Null Byte Nightmare: Critical WPvivid Backup Flaw (CVSS 9.8) Exposes 800K WordPress Sites
9.0 Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

9.0 Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover

Do Son February 11, 2026 0
A critical vulnerability has been discovered in SandboxJS, a popular library designed to safely execute untrusted JavaScript...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.0</span> Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover
8.3 30-Year-Old Bug: High-Severity libpng Flaw (CVSS 8.3) Exposes Millions of Apps libpng Vulnerability CVE-2026-25646 libpng Vulnerability Remote Code Execution (RCE)

8.3 30-Year-Old Bug: High-Severity libpng Flaw (CVSS 8.3) Exposes Millions of Apps

Do Son February 10, 2026 0
A high-severity vulnerability has been unearthed in libpng, the official and ubiquitous reference library for handling PNG...
Read More Read more about <span class="dcs-sev-badge" style="background:#f97316;">8.3</span> 30-Year-Old Bug: High-Severity libpng Flaw (CVSS 8.3) Exposes Millions of Apps
9.1 Endpoint Exposed: Critical FortiClient EMS Flaw (CVSS 9.1) Allows Unauthenticated RCE FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

9.1 Endpoint Exposed: Critical FortiClient EMS Flaw (CVSS 9.1) Allows Unauthenticated RCE

Do Son February 9, 2026 0
Fortinet has issued a high-priority security advisory for its FortiClient Enterprise Management Server (EMS), warning of a...
Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.1</span> Endpoint Exposed: Critical FortiClient EMS Flaw (CVSS 9.1) Allows Unauthenticated RCE