Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Microsoft Windows Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Pyramidsolutions Netstax Ethernet\/ip Adapter Development Kit Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00).
Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an ou...
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALAN...
The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.
The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.
The application security module has a vulnerability in permission assignment.
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC...
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.