Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Microsoft .NET Framework, SharePoint, Visual Studio RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Asrock Box-r1000 Firmware Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution
Nothing flagged in this category for this digest.
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.
Incorrect Access Control in Beckhoff Automation GmbH & Co.
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap wi...
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master...
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the...
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file up...
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the f...
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does n...