Aug 1, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Wavlink Wn533a8 Firmware: public exploit or PoC linked (XSS)
- WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2004-2466
Efs Software Easy Chat Server Buffer Overflow
- Public exploit or PoC available
- Exploit activity linked
Efs Software Easy Chat Server Buffer Overflow now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2022-34048
Wavlink Wn533a8 Firmware XSS
- Public exploit or PoC available
- Exploit activity linked
Wavlink Wn533a8 Firmware XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2022-2595
Kromit Titra privilege escalation
- CVSS 10
- Potential privilege escalation to admin/root
New critical Kromit Titra privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer e...
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system s...
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://I...
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http:/...
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page para...
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possi...
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action...
The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient...
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
In httpclient, there is a possible out of bounds write due to uninitialized data.
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow.
Shescape is a simple shell escape package for JavaScript.
PrestaShop is an Open Source e-commerce platform.
fs2 is a compositional, streaming I/O library for Scala.
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumera...
BF-OS versions 3.x up to and including 3.83 do not enforce strong passwords, which may allow a remote attacker to brute-force the device pa...
cvelogic
Threat Intelligence