Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
SAP NetWeaver SQL Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
SAP NetWeaver Unrestricted File Upload
SAP NetWeaver SQL Injection
SAP NetWeaver Information Disclosure
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures.
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided wi...
Envoy is a cloud-native high-performance proxy.
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP,...
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header...
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorre...