Feb 8, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-43764
B&R Industrial Automation APROL: memory safety
New critical memory safety vulnerability in B&R Industrial Automation APROL (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-45526
Institutional Management Website Project, Institutional Management Website: SQL Injection
New critical SQL Injection in Institutional Management Website Project's Institutional Management Website (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-45982
ThinkPHP 6.0.0~6.0.13 and 6.1.0~6.1.1 contain a deserialization vulnerability.
New critical ThinkPHP deserialization vulnerability (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system co...
Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in...
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands vi...
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload ma...
ThinkPHP 6.0.0~6.0.13 and 6.1.0~6.1.1 contain a deserialization vulnerability.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
cvelogic
Threat Intelligence