Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Microsoft Internet Explorer RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Wago 0852-0303 Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Mozilla Firefox And Thunderbird Type Confusion
Microsoft Internet Explorer Scripting Engine Memory Corruption
Zeroshell 3.9.0 is prone to a remote command execution vulnerability.
Nothing flagged in this category for this digest.
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and...
A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to cre...
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally...
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local...