Active exploit activity
CVE-2021-28164 Eclipse Autovue For Agile Product Lifecycle Management
- Public exploit or PoC available
- Exploit activity linked
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Cct95 Chichen Tech Cms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Yonyou Ufida Product Lifecycle Management Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e s...
Nothing flagged in this category for this digest.
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrar...
Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid pa...
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server withou...
Many of the services used by the affected product do not specify full paths for the DLLs they are loading.
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or creat...
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the mani...
All versions of yongyou PLM are affected by a command injection issue.
ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-In...
BQE BillQuick Web Suite SQL Injection