Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Zoho ManageEngine RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Wp-buy Login As User Or Customer \(user Switching\) privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Codeboxr Cbx Petition For Wordpress SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Zoho ManageEngine Multiple Products Remote Code Execution
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme Word...
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as anothe...
The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement...
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability.
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.