Active exploit activity
CVE-2021-33561 Shopizer XSS
- Public exploit or PoC available
- Exploit activity linked
Shopizer XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Shopizer XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Shopizer XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Zzcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTM...
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or...
The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations.
Codiad Web IDE through 2.8.4 allows PHP Code injection.
Nothing flagged in this category for this digest.
An issue was discovered in zzcms 2019.
MetInfo 7.0 beta is affected by a file modification vulnerability.
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a...
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via...
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation o...
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound au...
The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execut...
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability.
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.