Critical Watch
AI-curated daily picks – the most critical CVEs requiring immediate attention
D-Link DIR-513 buffer overflow enables authenticated remote code execution on network infrastructure, with a public exploit available.
D-Link DIR-882 routers are widely deployed in homes and small businesses, and this command injection vulnerability allows authenticated attackers to gain full system control, making it a critical patch priority for organizations using D-Link infrastructure.
Mitsubishi Electric SCADA/HMI systems used in critical infrastructure store SQL Server credentials in plaintext, with active threat intelligence indicating known threat actors targeting industrial control systems.
Multiple Mitsubishi Electric SCADA platforms (GENESIS64, ICONICS Suite, MC Works64) expose SQL Server credentials in cleartext through the GUI, creating high risk for industrial environments with confirmed threat actor interest.
DSGVO Google Web Fonts WordPress plugin allows unauthenticated remote code execution via arbitrary file upload, enabling immediate website compromise with no authentication required.
Users Manager WordPress plugin vulnerability enables unauthenticated attackers to modify user metadata and escalate privileges to administrator, allowing complete site takeover on WordPress installations.
Everest Forms WordPress plugin (widely used contact form solution) suffers from PHP object injection allowing unauthenticated remote code execution, affecting all versions through 3.4.3.
Mozilla Firefox and Thunderbird memory corruption enables remote code execution without user interaction, affecting millions of browser and email client users worldwide.
Cockpit web interface remote code execution affects Red Hat Enterprise Linux 7-10, enabling unauthenticated attackers to compromise widely-deployed enterprise Linux systems.
Ninja Forms File Uploads plugin for WordPress allows unauthenticated arbitrary file upload leading to RCE, threatening the millions of WordPress sites using this popular plugin.
LibRaw heap overflow enables remote code execution via malformed images, affecting ImageMagick and numerous applications that process user-uploaded photos.
Dolibarr ERP/CRM remote code execution has a public exploit and affects businesses using this widely deployed open-source business management platform.
Missing authentication in gpt-researcher HTTP REST API (a popular AI research tool) allows completely unauthenticated remote access to the entire API, enabling attackers to abuse the service without any credentials.
Remote code execution in gpt-researcher allows unauthenticated attackers to execute arbitrary code via the WebSocket endpoint, representing a complete compromise of systems running this widely-used AI research framework.
SSRF vulnerability in Kodbox (popular enterprise file management system with significant deployment base in Asia) allows unauthenticated attackers to perform arbitrary network requests, enabling internal network reconnaissance and potential data exfiltration.
Tenda AC10 routers (widely deployed consumer device) expose a hard-coded RSA private key in world-readable firmware, allowing attackers to decrypt TLS traffic and potentially compromise remote management sessions.
UTT HiPER 1250GW enterprise router contains an authenticated buffer overflow allowing remote code execution, with a public exploit available, threatening network perimeter security for organizations using this business-grade equipment.
Stack-based buffer overflow in UTT HiPER 1250GW router enables authenticated remote code execution via the /gofo endpoint, with a public PoC, creating immediate risk for enterprises relying on these routers for network infrastructure.
Tenda M3 router (popular consumer mesh WiFi device) is vulnerable to an authenticated buffer overflow enabling code execution, with a public exploit available, threatening home and small business networks.
Provectus kafka-ui (widely used Apache Kafka management interface) allows unauthenticated remote code execution through the smartfilters endpoint, exposing critical data streaming infrastructure to complete compromise.
Fortinet FortiClientEMS remote code execution with CVSS 9.8 allows unauthenticated attackers to execute arbitrary code, affecting enterprise endpoint management deployments widely used for managing corporate devices.
WordPress WCFM Frontend Manager plugin vulnerability allows authenticated vendors to delete arbitrary posts/products and manipulate orders, with a public exploit available, impacting e-commerce sites using this popular WooCommerce extension.
Azure Kubernetes Service (AKS) improper authorization with CVSS 10.0 allows unauthenticated remote privilege escalation, affecting countless enterprise cloud deployments running containerized workloads.
Azure Databricks SSRF with CVSS 10.0 enables unauthenticated attackers to achieve full privilege escalation in a widely-used enterprise data analytics platform.
Azure AI Foundry improper authorization with CVSS 10.0 allows unauthenticated remote attackers to completely compromise AI/ML workloads in Microsoft's cloud platform.