Critical exposure
CVE-2021-37538 Smartdatasoft Smartblog SQL Injection
- CVSS 9.8
New critical Smartdatasoft Smartblog SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Smartdatasoft Smartblog SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Lg N1t1 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Dlink Dir-816 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
An issue was discovered in Joomla!
This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions.
The issue was addressed with improved permissions logic.
Multiple issues were addressed by removing HDF5.
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to e...
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in t...
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function...
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler functi...
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters.