Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Ibm Security Verify Governance privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Xxyopen Novel-plus SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Dedecms RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42...
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is highe...
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin`...
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being pass...
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive i...
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get.