Active exploit activity
CVE-2019-13358 Opencats XXE
- Public exploit or PoC available
- Exploit activity linked
Opencats XXE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Opencats XXE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Cloudron cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Cisco Ios Xe DoS (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system.
Nothing flagged in this category for this digest.
Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.
New critical Cisco Ios Xe DoS disclosed.
New critical Cisco Ios Xe Sd-wan Buffer Overflow disclosed.
New critical Cisco Ios Xe DoS disclosed.
Hikvision Improper Input Validation
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoi...