Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Adobe Flash Player RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Nirweb Support SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
WebKitGTK Memory Corruption
Cisco IOS XR Open Port
Android Kernel Race Condition
Android Kernel Use-After-Free
Apple Multiple Products Memory Corruption
Microsoft Windows Kernel Privilege Escalation
WhatsApp Cross-Site Scripting
Microsoft Update Notification Manager Privilege Escalation
Apple Multiple Products Memory Corruption
Apple iOS Memory Corruption
Google Chrome WebAudio Use-After-Free
Microsoft Windows AppX Deployment Extensions Privilege Escalation
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog.
Nothing flagged in this category for this digest.
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow,...
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX...
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated...
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping,...