Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Apache Log4j2 RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Apache Log4j2 Remote Code Execution
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-fav...
Nothing flagged in this category for this digest.
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, i...
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SA...
Opencast is an Open Source Lecture Capture & Video Management for Education.
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the UR...
An issue was discovered in UiPath Assistant 21.4.4.
Internally used text extraction reports allow an attacker to inject code that can be executed by the application.
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
Apache Log4j2 Deserialization of Untrusted Data