Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Google Chromium GPU Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Lahirudanushka School Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Avs4you Avs Audio Converter Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Google Chromium GPU Heap Buffer Overflow
Oracle Fusion Middleware Unspecified
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not va...
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the applica...
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing mu...
AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.