Critical exposure
CVE-2021-24044 Facebook Hermes RCE
- CVSS 9.8
- Remote code execution exposure
New critical Facebook Hermes RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Facebook Hermes RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Google Android memory safety (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Dolibarr Erp\/crm SQL injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes wou...
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents co...
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents co...
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could...
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check.
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows...
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade...
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
NUUO NVRmini2 Devices Missing Authentication