Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-44588 (Unauth., CVSS 9.9)
New critical Blocksera Cryptocurrency Widgets Pack SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Apple iPadOS RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Apple iPadOS Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
RSFirewall tries to identify the original IP address by looking at different HTTP headers.
Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit...
An issue existed in the parsing of URLs.
The issue was addressed with improved memory handling.
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability.
Alist v3.4.0 is vulnerable to Directory Traversal,
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the s...