Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Strapi RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Chshcms Cscms RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the...
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-user...
Nothing flagged in this category for this digest.
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 an...
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
An issue was discovered in EdgeGallery/developer before v1.0.
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the pro...
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1....
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5...
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1....