Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Critical exposure
New critical Rawspeed Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Zeromq Libzmq Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress.
Nothing flagged in this category for this digest.
RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.
There is a Configuration Defect vulnerability in Huawei Smartphone.
A command injection vulnerabilities have been reported to affect QTS and QuTS hero.
A command injection vulnerabilities have been reported to affect QTS and QuTS hero.
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control.
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).