Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Apple IOS And IPadOS Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Goabode Iota All-in-one Security Kit Firmware DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Goabode Iota All-in-one Security Kit Firmware DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Apple iOS and iPadOS Out-of-Bounds Write
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CS...
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc.
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc.
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc.
New critical Mitel Micollab exposure disclosed.
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Dataease is an open source data visualization analysis tool.
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js.
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack.
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server.