Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Simple Client Management System Project Simple Client Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Simple Client Management System Project Simple Client Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical W-zip Project W-zip Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.
Path Traversal in NPM w-zip prior to 1.0.12.
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.