Critical active threat
CVE-2022-27593 QNAP Photo Station Externally Controlled Reference
- Actively exploited (CISA KEV)
- CVSS 10
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
- Google Chromium Mojo Insufficient Data Validation
- QNAP Photo Station Externally Controlled Reference
- D-Link DIR-820L Remote Code Execution
- Apple iOS, iPadOS, and macOS Input Validation
- Fortinet FortiOS and FortiADC Improper Access Control
- Oracle WebLogic Server Unspecified
- MikroTik RouterOS Stack-Based Buffer Overflow
- D-Link Multiple Routers OS Command Injection
- NETGEAR Multiple Devices Exposure of Sensitive Information
- D-Link DIR-300 Router Cleartext Storage of a Password
- Android OS Privilege Escalation
Nothing flagged in this category for this digest.
PowerCMS XMLRPC API provided by Alfasado Inc.
cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema.
XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform.
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform.
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the applica...
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via b...
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthent...