Senior Security Researcher // rxerium.com
Website: https://rxerium.com

🚨 CVE-2026-21643, an SQL injection vulnerability (CVSS 9.8), is seeing active exploitation in the wild, as reported by @DefusedCyber

Vulnerability detection script available here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-21643.yaml

This vulnerability currently only affects FortiClientEMS 7.4.4 and it is recommended that you upgrade to 7.4.5 or later as reported by Fortinet:
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

🚨 Mandiant have identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769.

RecoverPoint can be detected using this Nuclei template:
https://github.com/projectdiscovery/nuclei-templates/pull/15377/changes

Very limited exposure to the internet.

Dell recommends upgrading to version 6.0.3.1 HF1 or later. Mitigations are also available.

Mandiant report:
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

Yet another critical vulnerability in n8n - CVE-2026-25049 (CVSS 9.4).

Vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-25049.yaml

Patched versions are 1.123.17 / 2.5.2 as per:
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8

🚨 2 new vulnerability scripts created for the n8n vulnerabilities disclosed today:

CVE-2026-1470:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-1470.yaml

CVE-2026-0863:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-0863.yaml

Happy hunting.

🚨 2 critical authentication bypass and remote command execution vulnerabilities in SolarWinds WHD have been disclosed.

Vulnerability detection scripts can be found below:
CVE-2025-40552:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-40552.yaml

CVE-2025-40554:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-40554.yaml

At the time of writing, there are no signs of active exploitation in the wild, but it is strongly recommended that you patch as per SolarWinds' security advisory:
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

🔎 With all the recent buzz around Clawdbot, I've created a Nuclei template to fingerprint and detect this product:
https://github.com/projectdiscovery/nuclei-templates/pull/15055

Currently, there are 240 exposed instances (via Shodan) accessible on the internet at the time of posting, but I expect that number to grow:
https://www.shodan.io/search?query=clawdbot-gw

🚨 CVE-2025-64155: Critical unauthenticated OS command injection in Fortinet FortiSIEM which may allow an unauthenticated attacker to execute unauthorised code or commands via crafted TCP requests. (CVSS 9.8)

I've created a vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-64155.yaml

Patches are strongly advised. If you are unable to patch, it is recommended that you limit access to the phMonitor port (7900) as per Fortinet's advisory:
https://fortiguard.fortinet.com/psirt/FG-IR-25-772

🚨 Critical (CVSS 9.6) vulnerability in Appsmith allows account takeover via Origin header manipulation in password reset/email verification flows.

I've created a vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-22794.yaml

Reference:
https://github.com/appsmithorg/appsmith/security/advisories/GHSA-7hf5-mc28-xmcv

🚨 Yet another critical (CVSS 10) vulnerability affecting n8n instances tagged as CVE-2026-21877.

If the attack is successful it could result in full compromise of the affected instance.

Vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-21877.yaml

The issue has been resolved in n8n version 1.121.3.

Advisory:
https://github.com/advisories/GHSA-v364-rw7m-3263

🚨 CVE-2025-52691 (CVSS 10) in SmarterMail allows unauthenticated arbitrary file upload leading to RCE.

Affects Build ≤9406. Update to 9413+.

Detection script: github.com/rxerium/CVE-2025-52691

CSA Alert:
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/