Critical exposure
CVE-2022-31481 Carrier Ep4502 Firmware - CVSS 10
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical SQL injection in Simple Task Scheduling System (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions startin...
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database.
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed durin...
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer.
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anyw...
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.