Nov 29, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 6 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2021-24915
Contest Gallery SQL Injection
- CVSS 9.8
- Internet-facing CMS deployments affected
New critical Contest Gallery SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Rosariosis SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-43691
Tripexpress Project Tripexpress
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-n...
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php.
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
Nodebb is an open source Node.js based forum software.
Nodebb is an open source Node.js based forum software.
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attacker...