Disclosed Vulnerabilities
Our Labs & Research teams identify, validate, and responsibly disclose security vulnerabilities across widely deployed enterprise software, cloud services, and edge devices.
WT ID | Title | CVE ID | Published |
---|---|---|---|
WT-2025-0086 | Unpublished | Unpublished | Unpublished |
WT-2025-0085 | Unpublished | Unpublished | Unpublished |
WT-2025-0084 | Unpublished | Unpublished | Unpublished |
WT-2025-0083 | Unpublished | Unpublished | Unpublished |
WT-2025-0082 | Unpublished | Unpublished | Unpublished |
WT-2025-0081 | Unpublished | Unpublished | Unpublished |
WT-2025-0080 | Unpublished | Unpublished | Unpublished |
WT-2025-0079 | Unpublished | Unpublished | Unpublished |
WT-2025-0078 | Unpublished | Unpublished | Unpublished |
WT-2025-0077 | Unpublished | Unpublished | Unpublished |
WT-2025-0076 | Unpublished | Unpublished | Unpublished |
WT-2025-0075 | Unpublished | Unpublished | Unpublished |
WT-2025-0074 | Unpublished | Unpublished | Unpublished |
WT-2025-0073 | Unpublished | Unpublished | Unpublished |
WT-2025-0072 | Unpublished | Unpublished | Unpublished |
WT-2025-0071 | Unpublished | Unpublished | Unpublished |
WT-2025-0070 | Unpublished | Unpublished | Unpublished |
WT-2025-0069 | Unpublished | Unpublished | Unpublished |
WT-2025-0068 | Unpublished | Unpublished | Unpublished |
WT-2025-0067 | Unpublished | Unpublished | Unpublished |
WT-2025-0066 | Unpublished | Unpublished | Unpublished |
WT-2025-0065 | Unpublished | Unpublished | Unpublished |
WT-2025-0064 | Unpublished | Unpublished | Unpublished |
WT-2025-0063 | Unpublished | Unpublished | Unpublished |
WT-2025-0062 | ArcServe UDP Authentication Bypass | CVE-2025-34520 | Aug 20, 2025 |
WT-2025-0061 | ArcServe UDP Reflected XSS | CVE-2025-34521 | Aug 20, 2025 |
WT-2025-0060 | ArcServe UDP Pre-Auth Heap Overflow | CVE-2025-34522 | Aug 20, 2025 |
WT-2025-0059 | ArcServe UDP Pre-Auth Heap Overflow | CVE-2025-34523 | Aug 20, 2025 |
WT-2025-0058 | Unpublished | Unpublished | Unpublished |
WT-2025-0057 | Unpublished | Unpublished | Unpublished |
WT-2025-0056 | Unpublished | Unpublished | Unpublished |
WT-2025-0055 | Unpublished | Unpublished | Unpublished |
WT-2025-0054 | Unpublished | Unpublished | Unpublished |
WT-2025-0053 | SonicWall SMA100 Reflected XSS | CVE-2025-40598 | Apr 29, 2025 |
WT-2025-0052 | SonicWall SMA100 Pre-Auth Heap-Overflow | CVE-2025-40597 | Jul 23, 2025 |
WT-2025-0051 | SonicWall SMA100 Pre-Auth Stack-Overflow | CVE-2025-40596 | Jul 23, 2025 |
WT-2025-0050 | Unpublished | Unpublished | Unpublished |
WT-2025-0049 | Unpublished | Unpublished | Unpublished |
WT-2025-0048 | Unpublished | Unpublished | Unpublished |
WT-2025-0047 | Unpublished | Unpublished | Unpublished |
WT-2025-0046 | Unpublished | Unpublished | Unpublished |
WT-2025-0045 | Unpublished | Unpublished | Unpublished |
WT-2025-0044 | Unpublished | Unpublished | Unpublished |
WT-2025-0043 | Commvault Remote Code Execution | CVE-2025-34028 | Apr 24, 2025 |
WT-2025-0042 | Unpublished | Unpublished | Unpublished |
WT-2025-0041 | Progress Telerik UI for AJAX | CVE-2025-3600 | May 14, 2025 |
WT-2025-0040 | Unpublished | Unpublished | Unpublished |
WT-2025-0039 | Sophos Endpoint EDR LPE | CVE-2025-7433 | Jul 17, 2025 |
WT-2025-0038 | Unpublished | Unpublished | Unpublished |
WT-2025-0037 | Dell Unity Pre-Auth Command Injection | CVE-2025-36604 | Aug 4, 2025 |
WT-2025-0036 | Dell Unity Reflected XSS | CVE-2025-36605 | Aug 4, 2025 |
WT-2025-0035 | Unpublished | Unpublished | Unpublished |
WT-2025-0034 | Unpublished | Unpublished | Unpublished |
WT-2025-0033 | Veeam Backup & Replication Remote Code Execution Vulnerability | CVE-2025-23121 | Jun 17, 2025 |
WT-2025-0032 | Sitecore Experience Platform Remote Code Execution Vulnerability | CVE-2025-34510 | Jun 16, 2025 |
WT-2025-0031 | Unpublished | Unpublished | Unpublished |
WT-2025-0030 | Kentico Xperience CMS Cross-Site Scripting Vulnerability | CVE-2025-32370 | Apr 3, 2025 |
WT-2025-0029 | Unpublished | Unpublished | Unpublished |
WT-2025-0028 | Unpublished | Unpublished | Unpublished |
WT-2025-0027 | Sitecore Experience Platform Information Disclosure Vulnerability | CVE-2025-53694 | Jul 8, 2025 |
WT-2025-0026 | Unpublished | Unpublished | Unpublished |
WT-2025-0025 | Sitecore Experience Platform Remote Code Execution Vulnerability | CVE-2025-34511 | Jun 16, 2025 |
WT-2025-0024 | Sitecore Experience Platform Authentication Bypass Vulnerability | CVE-2025-34509 | Jun 16, 2025 |
WT-2025-0023 | Sitecore Experience Platform HTML Cache Poisoning Vulnerability | CVE-2025-53693 | Jun 16, 2025 |
WT-2025-0022 | Unpublished | Unpublished | Unpublished |
WT-2025-0021 | Unpublished | Unpublished | Unpublished |
WT-2025-0020 | Sitecore Experience Platform Cross-Site Scripting Vulnerability | CVE-2025-53692 | Jul 8, 2025 |
WT-2025-0019 | Sitecore Experience Platform Remote Code Execution Vulnerability | CVE-2025-53691 | Jun 16, 2025 |
WT-2025-0018 | Unpublished | Unpublished | Unpublished |
WT-2025-0017 | Unpublished | Unpublished | Unpublished |
WT-2025-0016 | Kentico Xperience CMS Cross-Site Scripting Vulnerability | CVE-2025-2748 | Mar 6, 2025 |
WT-2025-0015 | Veeam Backup & Replication Remote Code Execution Vulnerability | CVE-2025-23120 | Mar 19, 2025 |
WT-2025-0014 | Veeam Backup & Replication Remote Code Execution Vulnerability | CVE-2025-23120 | Mar 19, 2025 |
WT-2025-0013 | Fortinet FortiOS Authentication Bypass | CVE-2025-24472 | Feb 11, 2025 |
WT-2025-0012 | SugarCRM Server-Side Request Forgery | | |
WT-2025-0011 | Kentico Xperience CMS Authentication Bypass Vulnerability | CVE-2025-2747 | Mar 6, 2025 |
WT-2025-0010 | SysAid Pre-Auth XXE Admin creds disclosure | CVE-2025-2775 | May 7, 2025 |
WT-2025-0010 | SysAid Pre-Auth XXE Admin creds disclosure | CVE-2025-2776 | May 7, 2025 |
WT-2025-0010 | SysAid Pre-Auth XXE Admin creds disclosure | CVE-2025-2777 | May 7, 2025 |
WT-2025-0009 | Plesk Open Redirect | | |
WT-2025-0008 | Kentico Xperience CMS Denial of Service Vulnerability | CVE-2025-2794 | Mar 28, 2025 |
WT-2025-0007 | Kentico Xperience CMS Remote Code Execution Vulnerability | CVE-2025-2749 | Mar 6, 2025 |
WT-2025-0006 | Kentico Xperience CMS Authentication Bypass Vulnerability | CVE-2025-2746 | Jan 30, 2025 |
WT-2025-0005 | Unpublished | Unpublished | Unpublished |
WT-2025-0004 | Unpublished | Unpublished | Unpublished |
WT-2025-0003 | Unpublished | Unpublished | Unpublished |
WT-2025-0002 | Unpublished | Unpublished | Unpublished |
WT-2025-0001 | Unpublished | Unpublished | Unpublished |
WT-2024-0036 | InfoScale Deserialization Pre-Auth RCE | CVE-2025-27816 | Mar 7, 2025 |
WT-2024-0035 | Palo-Alto PANOS File Deletion | CVE-2025-0109 | Feb 12, 2025 |
WT-2024-0034 | Veeam Deserialization Bypass File Delete & NTLM Relay | CVE-2024-42455 | Dec 4, 2024 |
WT-2024-0033 | FortiManager Command Injection (FortiJumpHigher) | CVE-2024-50566 | Jan 14, 2025 |
WT-2024-0032 | Sophos Endpoint EDR LPE | CVE-2024-8885 | Oct 2, 2024 |
WT-2024-0031 | Liferay Cross-Site Scripting (Reflected) | | |
WT-2024-0030 | Unpublished | Unpublished | Unpublished |
WT-2024-0029 | Unpublished | Unpublished | Unpublished |
WT-2024-0028 | DotNetNuke.Core Server-Side Request Forgery | CVE-2025-32372 | Apr 9, 2025 |
WT-2024-0027 | Dell CMC Use of Outdated Libraries | | |
WT-2024-0026 | Dell CMC Stack Overflow | CVE-2025-26336 | |
WT-2024-0025 | Unpublished | Unpublished | Unpublished |
WT-2024-0024 | Unpublished | Unpublished | Unpublished |
WT-2024-0023 | Unpublished | Unpublished | Unpublished |
WT-2024-0022 | Oracle Opera XML Entity Injection | CVE-2025-21547 | |
WT-2024-0021 | Nakivo Arbitrary File Read | CVE-2024-48248 | Feb 26, 2025 |
WT-2024-0020 | EVE-NG Server-Side Request Forgery | | |
WT-2024-0019 | Unpublished | Unpublished | Unpublished |
WT-2024-0018 | MailEnable Cross-Site Scripting Reflected | | |
WT-2024-0017 | Unpublished | Unpublished | Unpublished |
WT-2024-0016 | Citrix Desktop (XEN) Pre-Auth Deserialization RCE Chain | CVE-2024-8069 | Nov 12, 2024 |
WT-2024-0015 | Citrix Desktop (XEN) Pre-Auth Deserialization RCE Chain | CVE-2024-8068 | Nov 12, 2024 |
WT-2024-0014 | Mitel Micollab Authentication Bypass | CVE-2024-41713 | Dec 5, 2024 |
WT-2024-0013 | Unpublished | Unpublished | Unpublished |
WT-2024-0012 | QNAP QuTSCloud Heap overflow from creating directory with large name | CVE-2024-32763 | Sep 6, 2024 |
WT-2024-0011 | Vembu BDRSuite SQL Injection | | |
WT-2024-0010 | Unpublished | Unpublished | Unpublished |
WT-2024-0009 | Ivanti Connect Secure XML Entity Injection | CVE-2024-22024 | Feb 9, 2024 |
WT-2024-0008 | Unpublished | Unpublished | Unpublished |
WT-2024-0007 | IBM Qradar AJP Packet Smuggling | CVE-2022-26377 | Apr 12, 2024 |
WT-2024-0006 | Unpublished | Unpublished | Unpublished |
WT-2024-0005 | QNAP QuTSCloud XSS via remote device discovery | | May 27, 2023 |
WT-2024-0004 | QNAP QuTSCloud XSS via remote log messages | | May 27, 2023 |
WT-2024-0003 | Unpublished | Unpublished | Unpublished |
WT-2024-0002 | Unpublished | Unpublished | Unpublished |
WT-2024-0001 | Unpublished | Unpublished | Unpublished |
WT-2023-0056 | IBM Operational Decision Manager Remote Code Execution | CVE-2024-22320 | Feb 22, 2024 |
WT-2023-0055 | IBM Operational Decision Manager Remote Code Execution | CVE-2024-22319 | Feb 22, 2024 |
WT-2023-0055 | QNAP QuTSCloud Log spoofing via x-forwarded-for | CVE-2024-27131 | May 7, 2023 |
WT-2023-0054 | QNAP QuTSCloud Stack buffer overflow | CVE-2024-27130 | May 27, 2023 |
WT-2023-0053 | QNAP QuTSCloud Static variable overflow | CVE-2024-27129 | May 27, 2023 |
WT-2023-0052 | QNAP QuTSCloud Stack overflow | CVE-2024-27128 | May 27, 2023 |
WT-2023-0051 | QNAP QuTSCloud Double-free | CVE-2024-27127 | May 27, 2023 |
WT-2023-0050 | QNAP QuTSCloud Hardcoded key in VJBOD tickets | | May 27, 2023 |
WT-2023-0049 | QNAP QuTSCloud Missing authentication | CVE-2024-21902 | May 27, 2023 |
WT-2023-0048 | QNAP QuTSCloud Heap overflow | CVE-2023-50364 | May 27, 2023 |
WT-2023-0047 | QNAP QuTSCloud Missing authentication | CVE-2023-50363 | May 27, 2023 |
WT-2023-0046 | QNAP QuTSCloud Authenticated stack overflow | CVE-2023-50362 | May 27, 2023 |
WT-2023-0045 | QNAP QuTSCloud Authenticated stack overflow | CVE-2023-50361 | May 27, 2023 |
WT-2023-0044 | Form Tools Local File Inclusion | | Feb 8, 2024 |
WT-2023-0043 | Unpublished | Unpublished | Unpublished |
WT-2023-0042 | Sangfor NGAF Command Injection | CVE-2023-30806 | Oct 5, 2023 |
WT-2023-0041 | Unpublished | Unpublished | Unpublished |
WT-2023-0040 | Unpublished | Unpublished | Unpublished |
WT-2023-0039 | Unpublished | Unpublished | Unpublished |
WT-2023-0038 | Unpublished | Unpublished | Unpublished |
WT-2023-0037 | Unpublished | Unpublished | Unpublished |
WT-2023-0036 | Sangfor NGAF Command Injection | CVE-2023-30805 | Oct 5, 2023 |
WT-2023-0035 | Sangfor NGAF Arbitrary File Read | CVE-2023-30804 | Oct 5, 2023 |
WT-2023-0034 | Sangfor NGAF Authentication Bypass | CVE-2023-30803 | Oct 5, 2023 |
WT-2023-0033 | Sangfor NGAF Information Disclosure | CVE-2023-30802 | Oct 5, 2023 |
WT-2023-0032 | Unpublished | Unpublished | Unpublished |
WT-2023-0031 | Unpublished | Unpublished | Unpublished |
WT-2023-0030 | Orbeon Forms Remote Code Execution | | Sep 8, 2023 |
WT-2023-0029 | Orbeon Forms Server-Side Request Forgery | | Sep 8, 2023 |
WT-2023-0028 | OpenCMS Apache Solr Injection | CVE-2023-42346 | Nov 21, 2023 |
WT-2023-0027 | OpenCMS Cross-Site Scripting (Reflected) | CVE-2023-42345 | Nov 21, 2023 |
WT-2023-0026 | OpenCMS Cross-Site Scripting (Reflected) | CVE-2023-42343 | Nov 21, 2023 |
WT-2023-0025 | OpenCMS XML Entity Injection | CVE-2023-42344 | Nov 21, 2023 |
WT-2023-0024 | Fortinet FortiOS Authenticated DoS via null deref | | Jun 9, 2023 |
WT-2023-0023 | Unpublished | Unpublished | Unpublished |
WT-2023-0022 | Unpublished | Unpublished | Unpublished |
WT-2023-0021 | Unpublished | Unpublished | Unpublished |
WT-2023-0020 | Unpublished | Unpublished | Unpublished |
WT-2023-0019 | Unpublished | Unpublished | Unpublished |
WT-2023-0018 | cPanel XSS in 'repair SQL database' via database name | | |
WT-2023-0017 | cPanel XSS in 'reset SQL password' | | |
WT-2023-0016 | Unpublished | Unpublished | Unpublished |
WT-2023-0015 | Unpublished | Unpublished | Unpublished |
WT-2023-0014 | Unpublished | Unpublished | Unpublished |
WT-2023-0013 | Unpublished | Unpublished | Unpublished |
WT-2023-0012 | Unpublished | Unpublished | Unpublished |
WT-2023-0011 | SonicWall SonicOS Authenticated DoS via null deref | CVE-2023-41711 | Oct 20, 2023 |
WT-2023-0010 | SonicWall SonicOS Authenticated DoS via assert failure | CVE-2023-41712 | Oct 20, 2023 |
WT-2023-0009 | SonicWall SonicOS Authenticated DoS via null deref | CVE-2023-41711 | Oct 20, 2023 |
WT-2023-0008 | SonicWall SonicOS Authenticated DoS | CVE-2023-39280 | Oct 20, 2023 |
WT-2023-0007 | Unpublished | Unpublished | Unpublished |
WT-2023-0006 | SonicWall SonicOS Authenticated DoS | CVE-2023-39279 | Oct 20, 2023 |
WT-2023-0005 | SonicWall SonicOS Stack buffer overflow | CVE-2023-39276 | Oct 20, 2023 |
WT-2023-0004 | SonicWall SonicOS Hardcoded credentials | CVE-2023-41713 | Oct 20, 2023 |
WT-2023-0003 | SonicWall SonicOS Stack buffer overflow | CVE-2023-39277 | Oct 20, 2023 |
WT-2023-0002 | SonicWall SonicOS Authenticated DoS | CVE-2023-39278 | Oct 20, 2023 |
WT-2023-0001 | Unpublished | Unpublished | Unpublished |
WT-2022-0003 | OpenVPN Access Server Insertion of Sensitive Information into log file | CVE-2022-33737 | Aug 4, 2022 |
WT-2022-0002 | OpenVPN Access Server Use of weak random number generator | CVE-2022-33738 | Aug 4, 2022 |
WT-2022-0001 | OpenAM Authentication Bypass | CVE-2022-34298 | Jul 1, 2022 |
The research published by watchTowr Labs is just a glimpse into what powers the watchTowr Platform – delivering automated, continuous testing against real attacker behaviour.
By combining Proactive Threat Intelligence and External Attack Surface Management into a single Preemptive Exposure Management capability, the watchTowr Platform helps organisations rapidly react to emerging threats – and gives them what matters most: time to respond.