Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Hashicorp Boundary Privilege Escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Honeywell Controledge Plc Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Yogeshojha Rengine Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function.
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials.
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct s...
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.
Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php.
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file.
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the c...