Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Oracle Secure Global Desktop privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Schneider-electric Evlink City Evc1s22p4 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EV...
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), E...
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client).
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server).
Collabora Online is a collaborative online office suite.
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the se...