Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Fluxcd Flux2 Privilege Escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Fluxcd Flux2 Path Traversal (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that i...
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote an...
Flux2 is an open and extensible continuous delivery solution for Kubernetes.
Flux is an open and extensible continuous delivery solution for Kubernetes.
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify).
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL.
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allow...