Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Open-emr Openemr Auth Bypass now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Shopex Ecshop SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Shopex Ecshop SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to acce...
Nothing flagged in this category for this digest.
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php.
SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php.
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software.
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted ro...