Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
RARLAB UnRAR Directory Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Paloaltonetworks Pan-os Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Microsoft Windows 10 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution
RARLAB UnRAR Directory Traversal
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to in...
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to in...
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary...
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists.
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS...
Nothing flagged in this category for this digest.
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Windows Network File System Remote Code Execution Vulnerability