Critical Alert 1 Active Exploit Detected Today

CVE-2026-48558 — SimpleHelp Authentication Bypass Vulnerability →

Powered by CVE Watchtower

×

ssrf

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing

Do Son March 2, 2026

Developers relying on Angular’s Server-Side Rendering (SSR) capabilities need to double-check their security configurations. A highly critical...

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts

Archer MR600 command injection WireGuard client configuration Tapo smart device vulnerability unencrypted Bluetooth transmission TP-Link router vulnerability CVE-2026-5509 patch Archer AX53 Vulnerability TP-Link Router Security Tapo C520WS Vulnerability TP-Link Security Patch TP-Link Archer NX Router Vulnerability TP-Link Archer Vulnerability CVE-2025-15568 TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts

Do Son January 29, 2026

TP-Link has issued a security advisory regarding multiple vulnerabilities discovered in its Omada Controller software, a popular...

Elastic Stack Under Fire: 7 New Flaws Expose Files & Crash Servers Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Stack Under Fire: 7 New Flaws Expose Files & Crash Servers

Do Son January 14, 2026

Elastic has released a massive security update addressing seven distinct vulnerabilities across its ecosystem, urging administrators to...

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data

Do Son January 12, 2026

A new flaw has appeared in the foundation of one of the web’s most popular Java frameworks....

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

Do Son December 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo...

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS

Do Son December 10, 2025

The security team behind ZITADEL, the open-source identity management platform, has issued urgent advisories regarding three high-severity...

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass

Do Son December 5, 2025

The Apache Software Foundation has rolled out a crucial update for the ubiquitous Apache HTTP Server, addressing...

High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF CVE-2023-25157 GeoServer XXE, Unauthenticated File Exfiltration

CVE-2023-25157 GeoServer XXE, Unauthenticated File Exfiltration

High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF

Do Son December 1, 2025

The maintainers of GeoServer have issued an important security advisory regarding a high-severity vulnerability that could allow...

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Do Son November 13, 2025

Elastic has issued two security advisories addressing two vulnerabilities in Kibana, the visualization and analytics dashboard component...

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration Zimbra SSRF, Chat Proxy Flaw

Zimbra SSRF, Chat Proxy Flaw

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration

Do Son October 17, 2025

Zimbra has released an emergency security patch (version 10.1.12) to address a critical Server-Side Request Forgery (SSRF)...

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch

Do Son October 7, 2025

Elastic has issued five security advisories addressing five vulnerabilities affecting its Kibana and Elasticsearch components, including three...

Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform

Splunk Enterprise vulnerabilities, CVSS 9.8 flaw, CVE-2026-20253, CVE-2026-20251, CVE-2026-20258 Splunk Enterprise Vulnerabilities CVE-2026-20240 Splunk RCE CVE-2026-20204 Splunk RCE Vulnerability CVE-2026-20163 Splunk Enterprise Vulnerabilities CVE-2026-20140 Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform

Do Son October 2, 2025

Splunk has released a series of security advisories addressing six vulnerabilities in Splunk Enterprise and Splunk Cloud...

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform CVE-2022-43396 Apache Kylin, Authentication Bypass

CVE-2022-43396 Apache Kylin, Authentication Bypass

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform

Do Son October 1, 2025

The Apache Software Foundation has published a new security advisory disclosing three vulnerabilities in Apache Kylin, a...

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF Astro vulnerability

Astro vulnerability

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

Do Son September 7, 2025

The Astro project has disclosed a high-severity vulnerability in its Cloudflare adapter, tracked as CVE-2025-58179 (CVSS 7.2)....

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library CVE-2026-45034 exploit PhpSpreadsheet RCE vulnerability PhpSpreadsheet CVE-2025-54370

CVE-2026-45034 exploit PhpSpreadsheet RCE vulnerability PhpSpreadsheet CVE-2025-54370

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library

Do Son August 26, 2025

A newly disclosed security flaw, tracked as CVE-2025-54370, has been identified in PhpSpreadsheet, a PHP-based library that...

Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF Xerox RCE, FreeFlow Core Vulnerabilities

Xerox RCE, FreeFlow Core Vulnerabilities

Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF

Do Son August 11, 2025

Xerox has released a security update for FreeFlow Core, addressing two high-impact vulnerabilities that could allow attackers...

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft BentoML SSRF, AI Application Security

BentoML SSRF, AI Application Security

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Do Son July 30, 2025

A severe server-side request forgery (SSRF) vulnerability has been disclosed in BentoML, a widely used Python framework...

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server Tableau Server Vulnerabilities, Remote Code Execution

Tableau Server Vulnerabilities, Remote Code Execution

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server

Do Son July 28, 2025

Salesforce has released a security advisory addressing eight serious vulnerabilities affecting multiple versions of Tableau Server, the...

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise Samsung MagicINFO, Digital Signage Vulnerabilities

Samsung MagicINFO, Digital Signage Vulnerabilities

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Do Son July 24, 2025

Samsung’s widely used MagicINFO 9 Server, a digital signage management platform, was found multi security vulnerabilities. Security...

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover Manager.io SSRF, Accounting Software Vulnerability

Manager.io SSRF, Accounting Software Vulnerability

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Do Son July 23, 2025

A newly disclosed critical vulnerability in Manager.io, a free accounting software used by businesses across Australia and...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-48558CVSS 10.0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
CVE-2026-46817CVSS 9.8
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
Admin intel📅 Updated: Jun 29, 2026
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel📅 Updated: Jun 25, 2026
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CISA KEV📅 Added to KEV: Jun 25, 2026
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026