Dec 6, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Croogo: public exploit or PoC linked (RCE)
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
- Public exploit or PoC available
- Exploit activity linked
- Remote code execution exposure
Croogo RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2021-40859
Auerswald COMpact 5500R Firmware
- Public exploit or PoC available
- Exploit activity linked
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
CVE-2021-31632
b2evolution CMS SQL Injection
New critical b2evolution CMS SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload...
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web based management...
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section.
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2.
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2.
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2.
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2.
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2.
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2.
naholyr github-todos 3.1.0 is vulnerable to command injection.
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step.