Critical exposure
CVE-2021-24040 Facebook Parlai RCE
- CVSS 9.8
- Remote code execution exposure
New critical Facebook Parlai RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Facebook Parlai RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Qnap Qusbcam2 Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Qnap Ej1600 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide mali...
New critical Qnap Qsw-m2116p-2t2s Firmware exposure disclosed.
A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2.
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion.
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion.
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then exe...
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.